mirror of
https://github.com/neondatabase/neon.git
synced 2026-01-05 20:42:54 +00:00
a338aee132
Generally ed25519 seems to be much preferred for cryptographic strength to P256 nowadays, and it is NIST approved finally. We should use it where we can as it's also faster than p256. This PR makes the re-signed JWTs between local_proxy and pg_session_jwt use ed25519. This does introduce a new dependency on ed25519, but I do recall some Neon Authorise customers asking for support for ed25519, so I am justifying this dependency addition in the context that we can then introduce support for customer ed25519 keys sources: * https://csrc.nist.gov/pubs/fips/186-5/final subsection 7 (EdDSA) * https://datatracker.ietf.org/doc/html/rfc8037#section-3.1
This directory contains files that are needed to build the compute images, or included in the compute images.
compute-node.Dockerfile To build the compute image
vm-image-spec.yaml Instructions for vm-builder, to turn the compute-node image into corresponding vm-compute-node image.
etc/ Configuration files included in /etc in the compute image
patches/ Some extensions need to be patched to work with Neon. This directory contains such patches. They are applied to the extension sources in compute-node.Dockerfile
In addition to these, postgres itself, the neon postgres extension, and compute_ctl are built and copied into the compute image by compute-node.Dockerfile.