percona · Manika-Percona · Jan 29, 2026 · Jan 28, 2026 · dutow · Jan 28, 2026
diff --git a/install-deps.sh b/install-deps.sh
@@ -20,10 +20,13 @@ rpm_deps() {
     if [[ "$COMPONENT" == "postgis" ]]; then
       INSTALL_LIST+="gdal38-devel proj95-devel geos311-devel pcre-devel "
     fi
+    if [[ "$COMPONENT" == "pg_oidc" ]]; then
+      INSTALL_LIST+="gcc-toolset-14 "
+    fi
   fi
 
   if [[ "${RHEL}" -eq 9 ]]; then
-    if [[ "$COMPONENT" == "postgresql" || "$COMPONENT" == "pg_repack" ]]; then
+    if [[ "$COMPONENT" == "postgresql" || "$COMPONENT" == "pg_repack" || "$COMPONENT" == "pg_oidc" ]]; then
       INSTALL_LIST+="gcc-toolset-14 "
     fi
     if [[ "$COMPONENT" == "pgpool2" ]]; then
@@ -38,6 +41,9 @@ rpm_deps() {
     if [[ "$COMPONENT" == "postgis" ]]; then
       INSTALL_LIST+="gdal311-devel proj96-devel geos313-devel pcre2-devel "
     fi
+    if [[ "$COMPONENT" == "pg_oidc" ]]; then
+      INSTALL_LIST+="libstdc++-static "
+    fi
   fi
 
   dnf -y module disable postgresql || true
@@ -124,7 +130,7 @@ deb_deps() {
     fi
   fi
 
-  if [[ "x${DEBIAN}" == "xbullseye" ]]; then
+  if [[ "x${DEBIAN}" == "xbullseye" && "$COMPONENT" != "pg_oidc" ]]; then
     DEBIAN_FRONTEND=noninteractive apt-get -y install software-properties-common
     wget https://apt.llvm.org/llvm.sh
     chmod +x llvm.sh
@@ -133,6 +139,14 @@ deb_deps() {
       DEBIAN_FRONTEND=noninteractive apt-get -y --allow-unauthenticated install dh_systemd
     fi
   fi
+
+  if [[ "$COMPONENT" == "pg_oidc" ]]; then
+    DEBIAN_FRONTEND=noninteractive apt-get -y install software-properties-common
+    wget https://apt.llvm.org/llvm.sh
+    chmod +x llvm.sh
+    ./llvm.sh 21 all
+    apt-get install libc++-21-dev libc++abi-21-dev clang-21 clang++-21
+  fi
 
   return;  
 }
@@ -225,6 +239,22 @@ EOF
     ;;
 
 
+  pg_oidc)
+    if [ "x$OS" = "xrpm" ]; then
+      rpm_deps
+      INSTALL_LIST+="sudo wget git vim rpm-build libcurl-devel krb5-devel openssl-devel percona-postgresql${PG_MAJOR}-devel percona-postgresql${PG_MAJOR}-server rpmdevtools binutils make gcc gcc-c++"
+      dnf -y install ${INSTALL_LIST}
+    else
+      deb_deps
+      DEBIAN_FRONTEND=noninteractive apt-get -y install tzdata
+      ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime
+      dpkg-reconfigure --frontend noninteractive tzdata
+      INSTALL_LIST+="sudo build-essential debhelper clang git libjwt-dev libcurl4-openssl-dev libssl-dev libreadline-dev libkrb5-dev zlib1g-dev libxml2-dev libxslt1-dev uuid-dev flex bison pkg-config percona-postgresql-${PG_MAJOR} percona-postgresql-server-dev-all"
+      DEBIAN_FRONTEND=noninteractive apt-get -y --allow-unauthenticated install ${INSTALL_LIST}
+    fi
+    ;;
+
+
   ydiff)
     if [ "x$OS" = "xrpm" ]; then
       rpm_deps

diff --git a/pg_oidc/debian/control b/pg_oidc/debian/control
@@ -0,0 +1,28 @@
+Source: percona-pg-oidc-validator@@PGMAJOR@@
+Section: database
+Priority: optional
+Maintainer: Percona Development Team info@percona.com
+Build-Depends:
+ debhelper (>= 9),
+ percona-postgresql-server-dev-all (>= 153~),
+ libcurl4-openssl-dev,
+ libssl-dev (>= 1.1.1),
+ libjwt-dev,
+ zlib1g-dev,
+ libkrb5-dev,
+ libxml2-dev,
+ libxslt1-dev,
+ libreadline-dev,
+Standards-Version: 4.6.2
+Rules-Requires-Root: no
+Homepage: https://github.com/Percona-Lab/pg_oidc_validator.git
+
+Package: percona-pg-oidc-validator@@PGMAJOR@@
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${postgresql:Depends},
+ ${shlibs:Depends},
+Description: pg-oidc-validator is a PostgreSQL extension.
+ It is an OAuth validator library for PostgreSQL @@PGMAJOR@@.
+
diff --git a/pg_oidc/debian/control.in b/pg_oidc/debian/control.in
@@ -0,0 +1,28 @@
+Source: percona-pg-oidc-validator@@PGMAJOR@@
+Section: database
+Priority: optional
+Maintainer: Percona Development Team info@percona.com
+Build-Depends:
+ debhelper (>= 9),
+ percona-postgresql-server-dev-all (>= 153~),
+ libcurl4-openssl-dev,
+ libssl-dev (>= 1.1.1),
+ libjwt-dev,
+ zlib1g-dev,
+ libkrb5-dev,
+ libxml2-dev,
+ libxslt1-dev,
+ libreadline-dev,
+Standards-Version: 4.6.2
+Rules-Requires-Root: no
+Homepage: https://github.com/Percona-Lab/pg_oidc_validator.git
+
+Package: percona-pg-oidc-validator@@PGMAJOR@@
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${postgresql:Depends},
+ ${shlibs:Depends},
+Description: pg-oidc-validator is a PostgreSQL extension.
+ It is an OAuth validator library for PostgreSQL @@PGMAJOR@@.
+
diff --git a/pg_oidc/debian/percona-pg-oidc-validator18.install b/pg_oidc/debian/percona-pg-oidc-validator18.install
@@ -0,0 +1 @@
+pg_oidc_validator.so usr/lib/postgresql/@@PGMAJOR@@/lib/pg_oidc_validator.so
diff --git a/pg_oidc/debian/rules b/pg_oidc/debian/rules
@@ -0,0 +1,31 @@
+#!/usr/bin/make -f
+
+include /usr/share/postgresql-common/pgxs_debian_control.mk
+
+%:
+	dh $@
+
+override_dh_builddeb:
+	dh_builddeb -- -Zgzip
+
+override_dh_auto_clean:
+	rm -rf build
+
+override_dh_auto_build:
+	make USE_PGXS=1 \
+    CXX="clang++-21" \
+    CXXFLAGS="-stdlib=libc++" \
+    LDFLAGS="-L/usr/lib/llvm-21/lib" \
+    PG_CONFIG=/usr/lib/postgresql/@@PGMAJOR@@/bin/pg_config \
+    USE_LIBCXX=1 \
+    with_llvm=no
+
+override_dh_auto_install:
+	make USE_PGXS=1 install DESTDIR=$(CURDIR)/debian/tmp \
+	PG_CONFIG=/usr/lib/postgresql/@@PGMAJOR@@/bin/pg_config \
+	with_llvm=no
+
+override_dh_auto_test:
+
+override_dh_installdocs:
+	dh_installdocs --all README.*
diff --git a/pg_oidc/pg_oidc.spec b/pg_oidc/pg_oidc.spec
@@ -0,0 +1,61 @@
+
+%define pgmajorversion %{pgmajor}
+%define pginstdir /usr/pgsql-%{pgmajorversion}/
+%global pname pg_oidc_validator
+%global sname percona-pg_oidc_validator%{pgmajorversion}
+
+Name:           %{sname}
+Version:        %{version}
+Release:        %{release}%{?dist}
+Summary:        PostgreSQL OAuth/OIDC token validator extension
+
+%global debug_package %{nil}
+
+License:        Apache-2.0
+URL:            https://github.com/Percona-Lab/pg_oidc_validator
+Source0:        %{name}-%{version}.tar.gz
+
+%if 0%{?rhel} && 0%{?rhel} <= 9
+BuildRequires:  gcc-toolset-14
+%endif
+
+BuildRequires:  postgresql%{pgmajorversion}-devel
+BuildRequires:  libcurl-devel
+BuildRequires:  openssl-devel
+
+Requires:       postgresql%{pgmajorversion}
+Requires:       libcurl
+Requires:       openssl-libs
+
+%description
+pg_oidc_validator is a PostgreSQL extension that implements OIDC (OpenID Connect)
+token validation. It validates JWT tokens from OIDC providers, enabling OAuth-based
+authentication for PostgreSQL connections.
+
+%prep
+%setup -q
+
+%build
+%if 0%{?rhel} && 0%{?rhel} <= 9
+source /opt/rh/gcc-toolset-14/enable
+%endif
+export PG_CONFIG=%{pginstdir}/bin/pg_config
+make USE_PGXS=1 %{?_smp_mflags} with_llvm=no COMPILER='g++ $(CXXFLAGS)'
+
+%install
+%if 0%{?rhel} && 0%{?rhel} <= 9
+source /opt/rh/gcc-toolset-14/enable
+#%else
+#source /opt/rh/gcc-toolset-15/enable
+%endif
+export PG_CONFIG=%{pginstdir}/bin/pg_config
+make USE_PGXS=1 install DESTDIR=%{buildroot} with_llvm=no COMPILER='g++ $(CXXFLAGS)'
+
+%files
+%license LICENSE.txt
+%doc README.md
+%{pginstdir}/lib/%{pname}.so
+
+%changelog
+* Wed Jan 21 2026 Manika Singhal <manika.singhal@percona.com> - 0.2-1
+- Initial build 0.2
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		pg_oidc_validator.so usr/lib/postgresql/@@PGMAJOR@@/lib/pg_oidc_validator.so