feat: multiple versions for the pgaudit extension

Build multiple versions of the pgaudit extension on different PostgreSQL versions.
Add test for the extensions and their upgrade on PostgreSQL 15 and 17.

Author: jfroche

nix/ext/pgaudit.nix

@@ -1,61 +1,135 @@
 {
   lib,
   stdenv,
+  buildEnv,
   fetchFromGitHub,
   libkrb5,
   openssl,
   postgresql,
 }:
 #adapted from https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/sql/postgresql/ext/pgaudit.nix
 let
-  source =
-    {
-      "17" = {
-        version = "17.0";
-        hash = "sha256-3ksq09wiudQPuBQI3dhEQi8IkXKLVIsPFgBnwLiicro=";
-      };
-      "16" = {
-        version = "16.0";
-        hash = "sha256-8+tGOl1U5y9Zgu+9O5UDDE4bec4B0JC/BQ6GLhHzQzc=";
-      };
-      "15" = {
-        version = "1.7.0";
-        hash = "sha256-8pShPr4HJaJQPjW1iPJIpj3CutTx8Tgr+rOqoXtgCcw=";
-      };
-    }
-    .${lib.versions.major postgresql.version}
-    or (throw "Source for pgaudit is not available for ${postgresql.version}");
-in
-stdenv.mkDerivation {
   pname = "pgaudit";
-  inherit (source) version;
+  # Load version configuration from external file
+  allVersions = (builtins.fromJSON (builtins.readFile ./versions.json)).${pname};
 
-  src = fetchFromGitHub {
-    owner = "pgaudit";
-    repo = "pgaudit";
-    rev = source.version;
-    hash = source.hash;
-  };
+  # Filter versions compatible with current PostgreSQL version
+  supportedVersions = lib.filterAttrs (
+    _: value: builtins.elem (lib.versions.major postgresql.version) value.postgresql
+  ) allVersions;
+
+  # Derived version information
+  versions = lib.naturalSort (lib.attrNames supportedVersions);
+  latestVersion = lib.last versions;
+  numberOfVersions = builtins.length versions;
+  packages = builtins.attrValues (
+    lib.mapAttrs (name: value: build name value.hash) supportedVersions
+  );
+
+  # Build function for individual pgaudit versions
+  build =
+    version: hash:
+    stdenv.mkDerivation {
+      inherit pname version;
+
+      src = fetchFromGitHub {
+        owner = "pgaudit";
+        repo = "pgaudit";
+        rev = version;
+        inherit hash;
+      };
+
+      buildInputs = [
+        libkrb5
+        openssl
+        postgresql
+      ];
+
+      makeFlags = [ "USE_PGXS=1" ];
 
-  buildInputs = [
-    libkrb5
-    openssl
-    postgresql
+      postBuild =
+        lib.optionalString (version == "1.7.0") ''
+          mv ${pname}--1.7.sql ${pname}--1.7.0.sql
+          cp ${pname}--1.7.0.sql ${pname}--1.6.1--1.7.0.sql
+        ''
+        + lib.optionalString (version == "1.7.1") ''
+          mv ${pname}--1.7--1.7.1.sql ${pname}--1.7.0--1.7.1.sql
+        '';
+
+      installPhase = ''
+        runHook preInstall
+
+        mkdir -p $out/{lib,share/postgresql/extension}
+
+        # Install shared library with version suffix
+        mv ${pname}${postgresql.dlSuffix} $out/lib/${pname}-${version}${postgresql.dlSuffix}
+
+        # Install SQL files
+        sed -i '1s/^/DROP EVENT TRIGGER IF EXISTS pgaudit_ddl_command_end; \n/' *.sql
+        sed -i '1s/^/DROP EVENT TRIGGER IF EXISTS pgaudit_sql_drop; \n/' *.sql
+        sed -i 's/CREATE FUNCTION/CREATE OR REPLACE FUNCTION/' *.sql
+        cp *.sql $out/share/postgresql/extension
+
+        # Create version-specific control file
+        sed -e "/^default_version =/d" \
+            -e "s|^module_pathname = .*|module_pathname = '\$libdir/${pname}'|" \
+          ${pname}.control > $out/share/postgresql/extension/${pname}--${version}.control
+
+        # For the latest version, create default control file and symlink
+        if [[ "${version}" == "${latestVersion}" ]]; then
+          {
+            echo "default_version = '${latestVersion}'"
+            cat $out/share/postgresql/extension/${pname}--${latestVersion}.control
+          } > $out/share/postgresql/extension/${pname}.control
+          ln -sfn ${pname}-${latestVersion}${postgresql.dlSuffix} $out/lib/${pname}${postgresql.dlSuffix}
+        fi
+
+        runHook postInstall
+      '';
+
+      meta = with lib; {
+        description = "Open Source PostgreSQL Audit Logging";
+        homepage = "https://github.com/pgaudit/pgaudit";
+        changelog = "https://github.com/pgaudit/pgaudit/releases/tag/${source.version}";
+        license = licenses.postgresql;
+        inherit (postgresql.meta) platforms;
+      };
+    };
+in
+buildEnv {
+  name = pname;
+  paths = packages;
+  pathsToLink = [
+    "/lib"
+    "/share/postgresql/extension"
   ];
+  postBuild = ''
+    # checks
+    (set -x
+       test "$(ls -A $out/lib/${pname}*${postgresql.dlSuffix} | wc -l)" = "${
+         toString (numberOfVersions + 1)
+       }"
+    )
 
-  makeFlags = [ "USE_PGXS=1" ];
+    # Verify all expected library files are present
+    expectedFiles=${toString (numberOfVersions + 1)}
+    actualFiles=$(ls -A $out/lib/${pname}*${postgresql.dlSuffix} | wc -l)
 
-  installPhase = ''
-    install -D -t $out/lib pgaudit${postgresql.dlSuffix}
-    install -D -t $out/share/postgresql/extension *.sql
-    install -D -t $out/share/postgresql/extension *.control
+    if [[ "$actualFiles" != "$expectedFiles" ]]; then
+      echo "Error: Expected $expectedFiles library files, found $actualFiles"
+      echo "Files found:"
+      ls -la $out/lib/${pname}*${postgresql.dlSuffix} || true
+      exit 1
+    fi
   '';
 
-  meta = with lib; {
-    description = "Open Source PostgreSQL Audit Logging";
-    homepage = "https://github.com/pgaudit/pgaudit";
-    changelog = "https://github.com/pgaudit/pgaudit/releases/tag/${source.version}";
-    platforms = postgresql.meta.platforms;
-    license = licenses.postgresql;
+  passthru = {
+    inherit versions numberOfVersions;
+    pname = "${pname}-all";
+    version =
+      "multi-" + lib.concatStringsSep "-" (map (v: lib.replaceStrings [ "." ] [ "-" ] v) versions);
+    defaultSettings = {
+      "shared_preload_libraries" = pname;
+    };
   };
 }

nix/ext/tests/default.nix

@@ -83,6 +83,7 @@ let
           specialisation.postgresql17.configuration = {
             services.postgresql = {
               package = lib.mkForce psql_17;
+              settings = (installedExtension "17").defaultSettings or { };
             };
 
             systemd.services.postgresql-migrate = {
@@ -106,7 +107,13 @@ let
                     install -d -m 0700 -o postgres -g postgres "${newDataDir}"
                     ${newPostgresql}/bin/initdb -D "${newDataDir}"
                     ${newPostgresql}/bin/pg_upgrade --old-datadir "${oldDataDir}" --new-datadir "${newDataDir}" \
-                      --old-bindir "${oldPostgresql}/bin" --new-bindir "${newPostgresql}/bin"
+                      --old-bindir "${oldPostgresql}/bin" --new-bindir "${newPostgresql}/bin" \
+                      ${
+                        if config.services.postgresql.settings.shared_preload_libraries != null then
+                          " --old-options='-c shared_preload_libraries=${config.services.postgresql.settings.shared_preload_libraries}' --new-options='-c shared_preload_libraries=${config.services.postgresql.settings.shared_preload_libraries}'"
+                        else
+                          ""
+                      }
                   else
                     echo "${newDataDir} already exists"
                   fi
@@ -206,6 +213,7 @@ builtins.listToAttrs (
       "pg_graphql"
       "pg_jsonschema"
       "pg_net"
+      "pgaudit"
       "vector"
       "wrappers"
     ]

nix/ext/versions.json

@@ -321,7 +321,39 @@
       "hash": "sha256-Cpi2iASi1QJoED0Qs1dANqg/BNZTsz5S+pw8iYyW03Y="
     }
   },
-    "pgmq": {
+  "pgaudit": {
+    "1.6.1": {
+      "postgresql": [
+        "15"
+      ],
+      "hash": "sha256-vxUDVq7nWkq7Qugy7HJLOXk4B61MSBIYQkzcbU6wSG8="
+    },
+    "1.7.0": {
+      "postgresql": [
+        "15"
+      ],
+      "hash": "sha256-8pShPr4HJaJQPjW1iPJIpj3CutTx8Tgr+rOqoXtgCcw="
+    },
+    "1.7.1": {
+      "postgresql": [
+        "15"
+      ],
+      "hash": "sha256-emwoTowT7WKFX0RQDqJXjIblrzqaUIUkzqSqBCHVKQ8="
+    },
+    "17.0": {
+      "postgresql": [
+        "17"
+      ],
+      "hash": "sha256-3ksq09wiudQPuBQI3dhEQi8IkXKLVIsPFgBnwLiicro="
+    },
+    "17.1": {
+      "postgresql": [
+        "17"
+      ],
+      "hash": "sha256-9St/ESPiFq2NiPKqbwHLwkIyATKUkOGxFcUrWgT+Iqo="
+   }
+  },
+  "pgmq": {
     "1.4.4": {
       "postgresql": [
         "15"