PostgreSQL with JIT support enabled doesn't work with plv8. Hence, we'd
get an evaluation failure for each
`nixosTests.postgresql.postgresql.postgresql_jit_X`.
This should be restructured in the future (less VM tests for custom
extensions, but a single VM test for this case to cover). For now, we
should get this fix out and this is a good-enough approach.
The plv8 plugin requires access to pkey syscalls. The execution will
crash hard when it is not allowed by the syscall filter.
Co-Authored-By: Jan Tojnar <jtojnar@gmail.com>
This will be EOL at the end of November, so there's little reason to
keep it in 24.11[1]. As discussed, we'd like to keep it for as long as
possible to make sure there's a state in nixpkgs that has the latest
minor of postgresql_12 available with the most recent CVEs fixed for
people who cannot upgrade[2].
This aspect has been made explicit in the manual now for the next .11
release.
During the discussions it has been brought up that if people just do
`services.postgresql.enable = true;` and let the code decide the
postgresql version based on `system.stateVersion`, there's a chance that
such EOL dates will be missed. To make this harder, a warning will now
be raised when using the stateVersion-condition and the oldest still
available major is selected.
Additionally regrouped the postgresql things in the release notes to
make sure these are all shown consecutively. Otherwise it's a little
hard to keep track of all the changes made to postgresql in 24.11.
[1] https://endoflife.date/postgresql
[2] https://github.com/NixOS/nixpkgs/pull/353158#issuecomment-2453056692
The test previously violated the Kubernetes version skew policy by
deploying a kubelet of hte most recent version in a cluster with an
older apiserver.
This was intended for quite some time already, but ever since enableJIT
was changed to be the source of truth of JIT-iness for the PostgreSQL
module, this hasn't worked for the tests anymore.
There is no need to fire up a whole VM just to run a two line test of
creating the extension. We can use postgresqlTestExtension for that.
This has the advantage that it runs with postgresqlTestHook, so without
a VM, making it more portable.
Manually importing postgresql packages from the /pkgs/ folder or
manually importing the test from /nixos/tests/ in generic.nix is not
only ugly, but also forbidden should we ever move to pkgs/by-name.
We can achieve almost the same with a slightly different setup. We allow
overriding the postgresql package for the test via passthru.override, to
make sure that each postgresql_xx.tests.postgresql-wal-receiver is
properly teted with the right version.
