Zach van Rijn <me@xxxxx> writes:
> Under the hood, the only major "technique" is wrapping the 'gcc'
> command with flags such as '-static' to ensure that everything
> is built correctly, and using reliable toolchains [1].

> There is one minor issue in that the postgres build scripts no
> longer appear to support static building [2,3] so it'll attempt
> to build files such as 'POSIX.so' etc. and these cause errors.

Yup.

> The workaround is simply to ignore these errors during build
> until I or someone else can get around to supplying patches (in
> the next week or so; I have other commitments).

TBH, there's going to be zero community interest in such patches.
There is no reason to avoid shared libraries, and they're an essential
part of the modern Postgres build architecture --- particularly our
extensibility story.

Personally, I find your claim that purely-static linking is somehow a
security advantage to be quite bizarre. All modern Linux distros
actually forbid static linking, I believe, because it'd put them in an
impossible rebuild situation when some low-level component requires an
update --- possibly for security reasons. Are you going to promise
immediate updates anytime glibc gets patched, across all the platforms
you're proposing to support this on?

regards, tom lane