pgextwlist

pgextwlist : PostgreSQL Extension Whitelisting

Overview

ID	Extension	Package	Version	Category	License	Language
7390	pgextwlist	pgextwlist	`1.19`	SEC	PostgreSQL	C

Attribute	Has Binary	Has Library	Need Load	Has DDL	Relocatable	Trusted
--sL---	No	Yes	Yes	No	no	no

Relationships
See Also	ddlx pgdd pg_permissions adminpack pgaudit set_user pg_catcheck noset

missing pg18 on el

Packages

Type	Repo	Version	PG Major Compatibility	Package Pattern	Dependencies
EXT	MIXED	`1.19`	18 17 16 15 14	`pgextwlist`	-
RPM	PIGSTY	`1.19`	18 17 16 15 14	`pgextwlist_$v`	-
DEB	PGDG	`1.19`	18 17 16 15 14	`postgresql-$v-pgextwlist`	-

Linux / PG	PG18	PG17	PG16	PG15	PG14
el8.x86_64	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19
el8.aarch64	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19
el9.x86_64	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19
el9.aarch64	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19
el10.x86_64	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19
el10.aarch64	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19	PIGSTY 1.19
d12.x86_64	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19
d12.aarch64	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19
d13.x86_64	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19
d13.aarch64	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19
u22.x86_64	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19
u22.aarch64	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19
u24.x86_64	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19
u24.aarch64	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19	PGDG 1.19

Package	Version	OS	ORG	SIZE	File URL
`pgextwlist_18`	`1.19`	el8.x86_64	pigsty	20.3 KiB	pgextwlist_18-1.19-1PIGSTY.el8.x86_64.rpm
`pgextwlist_18`	`1.19`	el8.aarch64	pigsty	20.2 KiB	pgextwlist_18-1.19-1PIGSTY.el8.aarch64.rpm
`pgextwlist_18`	`1.19`	el9.x86_64	pigsty	20.4 KiB	pgextwlist_18-1.19-1PIGSTY.el9.x86_64.rpm
`pgextwlist_18`	`1.19`	el9.aarch64	pigsty	20.0 KiB	pgextwlist_18-1.19-1PIGSTY.el9.aarch64.rpm
`pgextwlist_18`	`1.19`	el10.x86_64	pigsty	20.2 KiB	pgextwlist_18-1.19-1PIGSTY.el10.x86_64.rpm
`pgextwlist_18`	`1.19`	el10.aarch64	pigsty	20.2 KiB	pgextwlist_18-1.19-1PIGSTY.el10.aarch64.rpm
`postgresql-18-pgextwlist`	`1.19`	d12.x86_64	pgdg	29.1 KiB	postgresql-18-pgextwlist_1.19-2.pgdg12+1_amd64.deb
`postgresql-18-pgextwlist`	`1.19`	d12.aarch64	pgdg	28.7 KiB	postgresql-18-pgextwlist_1.19-2.pgdg12+1_arm64.deb
`postgresql-18-pgextwlist`	`1.19`	d13.x86_64	pgdg	29.1 KiB	postgresql-18-pgextwlist_1.19-2.pgdg13+1_amd64.deb
`postgresql-18-pgextwlist`	`1.19`	d13.aarch64	pgdg	28.8 KiB	postgresql-18-pgextwlist_1.19-2.pgdg13+1_arm64.deb
`postgresql-18-pgextwlist`	`1.19`	u22.x86_64	pgdg	30.1 KiB	postgresql-18-pgextwlist_1.19-2.pgdg22.04+1_amd64.deb
`postgresql-18-pgextwlist`	`1.19`	u22.aarch64	pgdg	29.3 KiB	postgresql-18-pgextwlist_1.19-2.pgdg22.04+1_arm64.deb
`postgresql-18-pgextwlist`	`1.19`	u24.x86_64	pgdg	29.2 KiB	postgresql-18-pgextwlist_1.19-2.pgdg24.04+1_amd64.deb
`postgresql-18-pgextwlist`	`1.19`	u24.aarch64	pgdg	28.6 KiB	postgresql-18-pgextwlist_1.19-2.pgdg24.04+1_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pgextwlist_17`	`1.19`	el8.x86_64	pigsty	20.3 KiB	pgextwlist_17-1.19-1PIGSTY.el8.x86_64.rpm
`pgextwlist_17`	`1.19`	el8.aarch64	pigsty	20.2 KiB	pgextwlist_17-1.19-1PIGSTY.el8.aarch64.rpm
`pgextwlist_17`	`1.19`	el9.x86_64	pigsty	20.4 KiB	pgextwlist_17-1.19-1PIGSTY.el9.x86_64.rpm
`pgextwlist_17`	`1.19`	el9.aarch64	pigsty	20.0 KiB	pgextwlist_17-1.19-1PIGSTY.el9.aarch64.rpm
`pgextwlist_17`	`1.19`	el10.x86_64	pigsty	20.3 KiB	pgextwlist_17-1.19-1PIGSTY.el10.x86_64.rpm
`pgextwlist_17`	`1.19`	el10.aarch64	pigsty	20.2 KiB	pgextwlist_17-1.19-1PIGSTY.el10.aarch64.rpm
`postgresql-17-pgextwlist`	`1.19`	d12.x86_64	pgdg	29.1 KiB	postgresql-17-pgextwlist_1.19-2.pgdg12+1_amd64.deb
`postgresql-17-pgextwlist`	`1.19`	d12.aarch64	pgdg	28.7 KiB	postgresql-17-pgextwlist_1.19-2.pgdg12+1_arm64.deb
`postgresql-17-pgextwlist`	`1.19`	d13.x86_64	pgdg	29.0 KiB	postgresql-17-pgextwlist_1.19-2.pgdg13+1_amd64.deb
`postgresql-17-pgextwlist`	`1.19`	d13.aarch64	pgdg	28.8 KiB	postgresql-17-pgextwlist_1.19-2.pgdg13+1_arm64.deb
`postgresql-17-pgextwlist`	`1.19`	u22.x86_64	pgdg	38.3 KiB	postgresql-17-pgextwlist_1.19-2.pgdg22.04+1_amd64.deb
`postgresql-17-pgextwlist`	`1.19`	u22.aarch64	pgdg	37.6 KiB	postgresql-17-pgextwlist_1.19-2.pgdg22.04+1_arm64.deb
`postgresql-17-pgextwlist`	`1.19`	u24.x86_64	pgdg	29.2 KiB	postgresql-17-pgextwlist_1.19-2.pgdg24.04+1_amd64.deb
`postgresql-17-pgextwlist`	`1.19`	u24.aarch64	pgdg	28.6 KiB	postgresql-17-pgextwlist_1.19-2.pgdg24.04+1_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pgextwlist_16`	`1.19`	el8.x86_64	pigsty	20.3 KiB	pgextwlist_16-1.19-1PIGSTY.el8.x86_64.rpm
`pgextwlist_16`	`1.19`	el8.aarch64	pigsty	20.2 KiB	pgextwlist_16-1.19-1PIGSTY.el8.aarch64.rpm
`pgextwlist_16`	`1.19`	el9.x86_64	pigsty	20.4 KiB	pgextwlist_16-1.19-1PIGSTY.el9.x86_64.rpm
`pgextwlist_16`	`1.19`	el9.aarch64	pigsty	20.0 KiB	pgextwlist_16-1.19-1PIGSTY.el9.aarch64.rpm
`pgextwlist_16`	`1.19`	el10.x86_64	pigsty	20.2 KiB	pgextwlist_16-1.19-1PIGSTY.el10.x86_64.rpm
`pgextwlist_16`	`1.19`	el10.aarch64	pigsty	20.2 KiB	pgextwlist_16-1.19-1PIGSTY.el10.aarch64.rpm
`postgresql-16-pgextwlist`	`1.19`	d12.x86_64	pgdg	29.1 KiB	postgresql-16-pgextwlist_1.19-2.pgdg12+1_amd64.deb
`postgresql-16-pgextwlist`	`1.19`	d12.aarch64	pgdg	28.7 KiB	postgresql-16-pgextwlist_1.19-2.pgdg12+1_arm64.deb
`postgresql-16-pgextwlist`	`1.19`	d13.x86_64	pgdg	29.0 KiB	postgresql-16-pgextwlist_1.19-2.pgdg13+1_amd64.deb
`postgresql-16-pgextwlist`	`1.19`	d13.aarch64	pgdg	28.8 KiB	postgresql-16-pgextwlist_1.19-2.pgdg13+1_arm64.deb
`postgresql-16-pgextwlist`	`1.19`	u22.x86_64	pgdg	37.7 KiB	postgresql-16-pgextwlist_1.19-2.pgdg22.04+1_amd64.deb
`postgresql-16-pgextwlist`	`1.19`	u22.aarch64	pgdg	37.0 KiB	postgresql-16-pgextwlist_1.19-2.pgdg22.04+1_arm64.deb
`postgresql-16-pgextwlist`	`1.19`	u24.x86_64	pgdg	29.2 KiB	postgresql-16-pgextwlist_1.19-2.pgdg24.04+1_amd64.deb
`postgresql-16-pgextwlist`	`1.19`	u24.aarch64	pgdg	28.6 KiB	postgresql-16-pgextwlist_1.19-2.pgdg24.04+1_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pgextwlist_15`	`1.19`	el8.x86_64	pigsty	20.3 KiB	pgextwlist_15-1.19-1PIGSTY.el8.x86_64.rpm
`pgextwlist_15`	`1.19`	el8.aarch64	pigsty	20.2 KiB	pgextwlist_15-1.19-1PIGSTY.el8.aarch64.rpm
`pgextwlist_15`	`1.19`	el9.x86_64	pigsty	20.4 KiB	pgextwlist_15-1.19-1PIGSTY.el9.x86_64.rpm
`pgextwlist_15`	`1.19`	el9.aarch64	pigsty	20.1 KiB	pgextwlist_15-1.19-1PIGSTY.el9.aarch64.rpm
`pgextwlist_15`	`1.19`	el10.x86_64	pigsty	20.4 KiB	pgextwlist_15-1.19-1PIGSTY.el10.x86_64.rpm
`pgextwlist_15`	`1.19`	el10.aarch64	pigsty	20.3 KiB	pgextwlist_15-1.19-1PIGSTY.el10.aarch64.rpm
`postgresql-15-pgextwlist`	`1.19`	d12.x86_64	pgdg	28.9 KiB	postgresql-15-pgextwlist_1.19-2.pgdg12+1_amd64.deb
`postgresql-15-pgextwlist`	`1.19`	d12.aarch64	pgdg	28.4 KiB	postgresql-15-pgextwlist_1.19-2.pgdg12+1_arm64.deb
`postgresql-15-pgextwlist`	`1.19`	d13.x86_64	pgdg	28.9 KiB	postgresql-15-pgextwlist_1.19-2.pgdg13+1_amd64.deb
`postgresql-15-pgextwlist`	`1.19`	d13.aarch64	pgdg	28.7 KiB	postgresql-15-pgextwlist_1.19-2.pgdg13+1_arm64.deb
`postgresql-15-pgextwlist`	`1.19`	u22.x86_64	pgdg	37.5 KiB	postgresql-15-pgextwlist_1.19-2.pgdg22.04+1_amd64.deb
`postgresql-15-pgextwlist`	`1.19`	u22.aarch64	pgdg	36.8 KiB	postgresql-15-pgextwlist_1.19-2.pgdg22.04+1_arm64.deb
`postgresql-15-pgextwlist`	`1.19`	u24.x86_64	pgdg	29.0 KiB	postgresql-15-pgextwlist_1.19-2.pgdg24.04+1_amd64.deb
`postgresql-15-pgextwlist`	`1.19`	u24.aarch64	pgdg	28.5 KiB	postgresql-15-pgextwlist_1.19-2.pgdg24.04+1_arm64.deb

Package	Version	OS	ORG	SIZE	File URL
`pgextwlist_14`	`1.19`	el8.x86_64	pigsty	20.3 KiB	pgextwlist_14-1.19-1PIGSTY.el8.x86_64.rpm
`pgextwlist_14`	`1.19`	el8.aarch64	pigsty	20.2 KiB	pgextwlist_14-1.19-1PIGSTY.el8.aarch64.rpm
`pgextwlist_14`	`1.19`	el9.x86_64	pigsty	20.4 KiB	pgextwlist_14-1.19-1PIGSTY.el9.x86_64.rpm
`pgextwlist_14`	`1.19`	el9.aarch64	pigsty	20.0 KiB	pgextwlist_14-1.19-1PIGSTY.el9.aarch64.rpm
`pgextwlist_14`	`1.19`	el10.x86_64	pigsty	20.3 KiB	pgextwlist_14-1.19-1PIGSTY.el10.x86_64.rpm
`pgextwlist_14`	`1.19`	el10.aarch64	pigsty	20.2 KiB	pgextwlist_14-1.19-1PIGSTY.el10.aarch64.rpm
`postgresql-14-pgextwlist`	`1.19`	d12.x86_64	pgdg	28.8 KiB	postgresql-14-pgextwlist_1.19-2.pgdg12+1_amd64.deb
`postgresql-14-pgextwlist`	`1.19`	d12.aarch64	pgdg	28.4 KiB	postgresql-14-pgextwlist_1.19-2.pgdg12+1_arm64.deb
`postgresql-14-pgextwlist`	`1.19`	d13.x86_64	pgdg	28.8 KiB	postgresql-14-pgextwlist_1.19-2.pgdg13+1_amd64.deb
`postgresql-14-pgextwlist`	`1.19`	d13.aarch64	pgdg	28.5 KiB	postgresql-14-pgextwlist_1.19-2.pgdg13+1_arm64.deb
`postgresql-14-pgextwlist`	`1.19`	u22.x86_64	pgdg	37.5 KiB	postgresql-14-pgextwlist_1.19-2.pgdg22.04+1_amd64.deb
`postgresql-14-pgextwlist`	`1.19`	u22.aarch64	pgdg	36.8 KiB	postgresql-14-pgextwlist_1.19-2.pgdg22.04+1_arm64.deb
`postgresql-14-pgextwlist`	`1.19`	u24.x86_64	pgdg	29.0 KiB	postgresql-14-pgextwlist_1.19-2.pgdg24.04+1_amd64.deb
`postgresql-14-pgextwlist`	`1.19`	u24.aarch64	pgdg	28.4 KiB	postgresql-14-pgextwlist_1.19-2.pgdg24.04+1_arm64.deb

Source

Repository

github.com/dimitri/pgextwlist

Source Tarball

pgextwlist-1.19.tar.gz

pig build pkg pgextwlist;		# build rpm

Install

Make sure PGDG and PIGSTY repo available:

pig repo add pgsql -u   # add both repo and update cache

Install this extension with pig:

pig install pgextwlist;		# install via package name, for the active PG version

pig install pgextwlist -v 18;   # install for PG 18
pig install pgextwlist -v 17;   # install for PG 17
pig install pgextwlist -v 16;   # install for PG 16
pig install pgextwlist -v 15;   # install for PG 15
pig install pgextwlist -v 14;   # install for PG 14

Config this extension to shared_preload_libraries:

shared_preload_libraries = 'pgextwlist';

This extension does not need CREATE EXTENSION DDL command

Usage

pgextwlist: PostgreSQL extension whitelisting

pgextwlist implements extension whitelisting: only explicitly allowed extensions can be installed, and whitelisted extensions are installed with superuser privileges even when requested by non-superusers.

Configuration

Add to postgresql.conf:

local_preload_libraries = 'pgextwlist'
extwlist.extensions = 'hstore,cube,pg_stat_statements'

Or per-role:

ALTER ROLE adminuser SET extwlist.extensions = 'pg_stat_statements, postgis';

Parameter	Description
`extwlist.extensions`	Comma-separated list of whitelisted extensions
`extwlist.custom_path`	Filesystem path for custom pre/post scripts

Behavior

Non-superusers can install whitelisted extensions:

-- Allowed (hstore is whitelisted)
CREATE EXTENSION hstore;

-- Blocked (not whitelisted)
CREATE EXTENSION earthdistance;
-- ERROR: extension "earthdistance" is not whitelisted

Operations CREATE EXTENSION, DROP EXTENSION, ALTER EXTENSION ... UPDATE, and COMMENT ON EXTENSION are run as superuser for whitelisted extensions.

Custom Scripts

Place scripts in ${extwlist.custom_path}/extname/:

Script	When
`before--1.0.sql`	Before installing version 1.0
`before-create.sql`	Before CREATE (fallback)
`after--1.0.sql`	After installing version 1.0
`after-create.sql`	After CREATE (fallback)
`before-update.sql` / `after-update.sql`	Around ALTER EXTENSION UPDATE
`before-drop.sql` / `after-drop.sql`	Around DROP EXTENSION

Custom scripts support template variables: @extschema@, @current_user@, @database_owner@.

Last updated on 2026-03-12

pg_snakeoil sslutils