resync
Signed-off-by: Brian Stinson <bstinson@redhat.com>
This commit is contained in:
parent
4133dd9055
commit
4f59768c46
5
.gitignore
vendored
5
.gitignore
vendored
@ -1,2 +1,3 @@
|
||||
SOURCES/mariadb-10.5.8.tar.gz
|
||||
/mariadb-10.5.8.tar.gz
|
||||
/*/
|
||||
/*.rpm
|
||||
/*.tar.gz
|
||||
|
@ -1,9 +0,0 @@
|
||||
MariaDB haven't yet made a document package available for offline.
|
||||
|
||||
You can create your own copy with the instructions here:
|
||||
|
||||
https://mariadb.com/kb/en/meta/mirroring-the-mariadb-knowledge-base/
|
||||
|
||||
You can find view the on-line documentation at:
|
||||
|
||||
https://mariadb.com/kb/en/documentation/
|
@ -1,13 +0,0 @@
|
||||
This directory contains prepared configuration files with .cnf extension,
|
||||
which provide a configuration for some common MariaDB deployment scenarios.
|
||||
These configuration files do not include the default configuration of datadir,
|
||||
log-file and pid-file locations, as specified in the default my.cnf file,
|
||||
provided in this distribution.
|
||||
|
||||
Thus, it is recommended to use these configuration files as an addition to the
|
||||
default my.cnf configuration file.
|
||||
|
||||
Since default my.cnf contains `!includedir @INSTALL_SYSCONF2DIR@` directive, it is
|
||||
recommended to copy required configuration under @INSTALL_SYSCONF2DIR@ directory,
|
||||
so the default my.cnf specifications will be extended.
|
||||
|
@ -1,6 +0,0 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-9
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
@ -1,46 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# This script downloads sources and modifies them
|
||||
|
||||
set -ex
|
||||
|
||||
NAME="mariadb"
|
||||
VERSION=$( rpmspec -q --srpm --qf '%{VERSION}' "${NAME}.spec" )
|
||||
# SOURCES_URL=$( spectool -s 0 "$NAME.spec" | cut -d ' ' -f 2 )
|
||||
SOURCES_URL="https://downloads.mariadb.org/interstitial/mariadb-${VERSION}/source/mariadb-${VERSION}.tar.gz"
|
||||
|
||||
OLD_ARCHIVE_NAME="${NAME}-${VERSION}"
|
||||
NEW_ARCHIVE_NAME="${NAME}-${VERSION}-downstream_modified"
|
||||
|
||||
# Retrieve the archive:
|
||||
|
||||
rm -rf "./${OLD_ARCHIVE_NAME}.tar.gz" "./${OLD_ARCHIVE_NAME}/" "./${NEW_ARCHIVE_NAME}.tar.gz" "./${NEW_ARCHIVE_NAME}/"
|
||||
wget "${SOURCES_URL}"
|
||||
|
||||
# Modify the archive:
|
||||
|
||||
# 1/ Change both the name of the archive and the name of the base directory inside of the archive
|
||||
# It will be necessary to change the name in the SPECfile in the %prep phase
|
||||
# This will prevent maintainer to rebase to a non-modified sources archive without changing the SPECfile
|
||||
|
||||
tar -xof "${OLD_ARCHIVE_NAME}.tar.gz"
|
||||
mv "${OLD_ARCHIVE_NAME}" "${NEW_ARCHIVE_NAME}"
|
||||
|
||||
# 2/ Remove the code licensed under the PerconaFT license
|
||||
# which was not yet reviewed as suitable for Fedora or RHEL.
|
||||
#
|
||||
# License file:
|
||||
# storage/tokudb/PerconaFT/PATENTS
|
||||
#
|
||||
# The whole storage engine, which requires code under this license
|
||||
# has to be removed before uploading sources to Fedora.
|
||||
|
||||
rm -r "${NEW_ARCHIVE_NAME}/storage/tokudb"
|
||||
|
||||
# Pack the extracted files back to the archive
|
||||
|
||||
tar -czf "${NEW_ARCHIVE_NAME}.tar.gz" "${NEW_ARCHIVE_NAME}"
|
||||
|
||||
# Remove the decompressed original used to create the archive
|
||||
|
||||
rm -r "./${NEW_ARCHIVE_NAME}/"
|
@ -1,29 +0,0 @@
|
||||
This scirpt is ran by the systemd service.
|
||||
In Fedora the service has priviledges dropped to the mysql user.
|
||||
Thus "chown 0" will always fail
|
||||
|
||||
Never parse 'ls' output!
|
||||
http://mywiki.wooledge.org/BashFAQ/087
|
||||
|
||||
--- mariadb-10.4.12/scripts/mysql_install_db.sh 2020-01-26 21:43:53.000000000 +0100
|
||||
+++ mariadb-10.4.12/scripts/mysql_install_db.sh_patched 2020-01-29 11:11:09.448812331 +0100
|
||||
@@ -482,13 +482,16 @@ if test -n "$user"
|
||||
then
|
||||
if test -z "$srcdir" -a "$in_rpm" -eq 0
|
||||
then
|
||||
- chown 0 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" && \
|
||||
- chmod 04755 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool"
|
||||
- if test $? -ne 0
|
||||
+ if [ `stat "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" -c %u` -ne 0 ]
|
||||
then
|
||||
+ chown 0 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" && \
|
||||
+ chmod 04755 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool"
|
||||
+ if test $? -ne 0
|
||||
+ then
|
||||
echo "Couldn't set an owner to '$pamtooldir/auth_pam_tool_dir/auth_pam_tool'."
|
||||
echo "It must be root, the PAM authentication plugin doesn't work otherwise.."
|
||||
echo
|
||||
+ fi
|
||||
fi
|
||||
chown $user "$pamtooldir/auth_pam_tool_dir" && \
|
||||
chmod 0700 "$pamtooldir/auth_pam_tool_dir"
|
@ -1,39 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# We check if there is already a process using the socket file,
|
||||
# since otherwise the systemd service file could report false
|
||||
# positive result when starting and mysqld_safe could remove
|
||||
# a socket file, which is actually being used by a different daemon.
|
||||
|
||||
source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"
|
||||
|
||||
if test -e "$socketfile" ; then
|
||||
echo "Socket file $socketfile exists." >&2
|
||||
|
||||
# no write permissions
|
||||
if ! test -w "$socketfile" ; then
|
||||
echo "Not enough permission to write to the socket file $socketfile, which is suspicious." >&2
|
||||
echo "Please, remove $socketfile manually to start the service." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# not a socket file
|
||||
if ! test -S "$socketfile" ; then
|
||||
echo "The file $socketfile is not a socket file, which is suspicious." >&2
|
||||
echo "Please, remove $socketfile manually to start the service." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# some process uses the socket file
|
||||
response=`@bindir@/mariadb-admin --no-defaults --socket="$socketfile" --user=UNKNOWN_MYSQL_USER --connect-timeout="${CHECKSOCKETTIMEOUT:-10}" ping 2>&1`
|
||||
if [ $? -eq 0 ] || echo "$response" | grep -q "Access denied for user" ; then
|
||||
echo "Is another MariaDB daemon already running with the same unix socket?" >&2
|
||||
echo "Please, stop the process using the socket $socketfile or remove the file manually to start the service." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# socket file is a garbage
|
||||
echo "No process is using $socketfile, which means it is a garbage, so it will be removed automatically." >&2
|
||||
fi
|
||||
|
||||
exit 0
|
@ -1,39 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"
|
||||
|
||||
upgrade_info_file="$datadir/mysql_upgrade_info"
|
||||
version=0
|
||||
# get version as integer from mysql_upgrade_info file
|
||||
if [ -f "$upgrade_info_file" ] && [ -r "$upgrade_info_file" ] ; then
|
||||
version_major=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\1/')
|
||||
version_minor=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\2/')
|
||||
if [[ $version_major =~ ^[0-9]+$ ]] && [[ $version_minor =~ ^[0-9]+$ ]] ; then
|
||||
version=$((version_major*100+version_minor))
|
||||
fi
|
||||
fi
|
||||
|
||||
# compute current version as integer
|
||||
thisversion=$((@MAJOR_VERSION@*100+@MINOR_VERSION@))
|
||||
|
||||
# provide warning in cases we should run mysql_upgrade
|
||||
if [ $version -ne $thisversion ] ; then
|
||||
|
||||
# give extra warning if some version seems to be skipped
|
||||
if [ $version -gt 0 ] && [ $version -lt 505 ] ; then
|
||||
echo "The datadir located at $datadir seems to be older than of a version 5.5. Please, mind that as a general rule, to upgrade from one release series to another, go to the next series rather than skipping a series." >&2
|
||||
fi
|
||||
|
||||
cat <<EOF >&2
|
||||
The datadir located at $datadir needs to be upgraded using 'mariadb-upgrade' tool. This can be done using the following steps:
|
||||
|
||||
1. Back-up your data before with 'mariadb-upgrade'
|
||||
2. Start the database daemon using 'systemctl start @DAEMON_NAME@.service'
|
||||
3. Run 'mariadb-upgrade' with a database user that has sufficient privileges
|
||||
|
||||
Read more about 'mariadb-upgrade' usage at:
|
||||
https://mariadb.com/kb/en/mysql_upgrade/
|
||||
EOF
|
||||
fi
|
||||
|
||||
exit 0
|
@ -1,28 +0,0 @@
|
||||
Fix md5 in FIPS mode
|
||||
|
||||
OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer.
|
||||
In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while
|
||||
in 3.0.0+ it is a different EVP_MD provider.
|
||||
|
||||
Resolves: rhbz#2050541
|
||||
|
||||
diff -up mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc.fips mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc
|
||||
--- mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc.fips 2022-02-07 16:36:47.255131576 +0100
|
||||
+++ mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc 2022-02-07 22:57:32.391002916 +0100
|
||||
@@ -52,12 +52,15 @@ static void md5_result(EVP_MD_CTX *conte
|
||||
|
||||
static void md5_init(EVP_MD_CTX *context)
|
||||
{
|
||||
+ EVP_MD *md5;
|
||||
+ md5 = EVP_MD_fetch(NULL, "MD5", "fips=no");
|
||||
EVP_MD_CTX_init(context);
|
||||
#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
|
||||
/* Ok to ignore FIPS: MD5 is not used for crypto here */
|
||||
EVP_MD_CTX_set_flags(context, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
|
||||
#endif
|
||||
- EVP_DigestInit_ex(context, EVP_md5(), NULL);
|
||||
+ EVP_DigestInit_ex(context, md5, NULL);
|
||||
+ EVP_MD_free(md5);
|
||||
}
|
||||
|
||||
static void md5_input(EVP_MD_CTX *context, const uchar *buf, unsigned len)
|
12
mariadb-galera.cnf.patch
Normal file
12
mariadb-galera.cnf.patch
Normal file
@ -0,0 +1,12 @@
|
||||
--- mariadb-10.1.13/support-files/wsrep.cnf.sh.orig 2016-03-24 10:12:15.000000000 +0100
|
||||
+++ mariadb-10.1.13/support-files/wsrep.cnf.sh 2016-04-07 10:18:34.281155365 +0200
|
||||
@@ -30,6 +30,9 @@ bind-address=0.0.0.0
|
||||
## WSREP options
|
||||
##
|
||||
|
||||
+# Enable wsrep
|
||||
+wsrep_on=1
|
||||
+
|
||||
# Full path to wsrep provider library or 'none'
|
||||
wsrep_provider=none
|
||||
|
@ -1,30 +0,0 @@
|
||||
# Fixing conflict with groonga package
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1763287
|
||||
|
||||
--- mariadb-10.3.18/storage/mroonga/vendor/groonga/CMakeLists.txt.withoutoption 2019-11-11 14:01:07.762595716 +0100
|
||||
+++ mariadb-10.3.18/storage/mroonga/vendor/groonga/CMakeLists.txt 2019-11-11 14:33:05.224012458 +0100
|
||||
@@ -86,7 +86,9 @@
|
||||
set(INCLUDE_DIR "include")
|
||||
set(GRN_INCLUDE_DIR "include/groonga")
|
||||
set(DATA_DIR "share")
|
||||
-set(GRN_DATA_DIR "${DATA_DIR}/${GRN_PROJECT_NAME}")
|
||||
+if(NOT DEFINED GRN_DATA_DIR)
|
||||
+ set(GRN_DATA_DIR "${DATA_DIR}/${GRN_PROJECT_NAME}")
|
||||
+endif()
|
||||
set(CONFIG_DIR "etc")
|
||||
set(GRN_CONFIG_DIR "${CONFIG_DIR}/${GRN_PROJECT_NAME}")
|
||||
set(GRN_CONFIG_PATH "${CMAKE_INSTALL_PREFIX}/${GRN_CONFIG_DIR}/groonga.conf")
|
||||
|
||||
--- mariadb-10.3.18/storage/mroonga/vendor/groonga/vendor/plugins/groonga-normalizer-mysql/CMakeLists.txt.withoutoption 2019-11-11 14:34:22.661005715 +0100
|
||||
+++ mariadb-10.3.18/storage/mroonga/vendor/groonga/vendor/plugins/groonga-normalizer-mysql/CMakeLists.txt 2019-11-11 14:35:59.962244120 +0100
|
||||
@@ -16,7 +16,9 @@
|
||||
# MA 02110-1335 USA
|
||||
|
||||
cmake_minimum_required(VERSION 2.6)
|
||||
-set(GROONGA_NORMALIZER_MYSQL_PROJECT_NAME "groonga-normalizer-mysql")
|
||||
+if (NOT DEFINED GROONGA_NORMALIZER_MYSQL_PROJECT_NAME)
|
||||
+ set(GROONGA_NORMALIZER_MYSQL_PROJECT_NAME "groonga-normalizer-mysql")
|
||||
+endif()
|
||||
project("${GROONGA_NORMALIZER_MYSQL_PROJECT_NAME}")
|
||||
|
||||
if(DEFINED GROONGA_NORMALIZER_MYSQL_EMBED)
|
@ -26,9 +26,13 @@ Update 6/2018
|
||||
beeing able to send the SIGHUP to the process and read the mysqld pid file, which root can.
|
||||
* Submited as PR: https://github.com/MariaDB/server/pull/807
|
||||
|
||||
--- mariadb-10.5.4/support-files/mysql-log-rotate.sh.old 2020-09-16 13:36:57.247955135 +0200
|
||||
+++ mariadb-10.5.4/support-files/mysql-log-rotate.sh 2020-09-16 13:40:59.744220908 +0200
|
||||
@@ -3,23 +3,10 @@
|
||||
Update 01/2022
|
||||
* added delaycompress option
|
||||
* see https://mariadb.com/kb/en/rotating-logs-on-unix-and-linux
|
||||
|
||||
--- mariadb-10.3.32/support-files/mysql-log-rotate.sh 2022-01-14 17:03:27.000000000 +0100
|
||||
+++ mariadb-10.3.32/support-files/mysql-log-rotate.sh_patched 2022-01-17 15:07:54.205379672 +0100
|
||||
@@ -3,36 +3,22 @@
|
||||
# in the [mysqld] section as follows:
|
||||
#
|
||||
# [mysqld]
|
||||
@ -52,13 +56,15 @@ Update 6/2018
|
||||
- # create 600 mysql mysql
|
||||
+@LOG_LOCATION@ {
|
||||
+ create 600 mysql mysql
|
||||
su mysql mysql
|
||||
notifempty
|
||||
daily
|
||||
rotate 3
|
||||
@@ -27,11 +14,9 @@
|
||||
missingok
|
||||
compress
|
||||
+ delaycompress
|
||||
postrotate
|
||||
# just if mariadbd is really running
|
||||
# just if mysqld is really running
|
||||
- if test -x @bindir@/mysqladmin && \
|
||||
- @bindir@/mysqladmin ping &>/dev/null
|
||||
- then
|
||||
|
@ -1,401 +0,0 @@
|
||||
From c80991c79f701dac42c630af4bd39593b0c7efb4 Mon Sep 17 00:00:00 2001
|
||||
From: Vladislav Vaintroub <wlad@mariadb.com>
|
||||
Date: Mon, 8 Nov 2021 18:48:19 +0100
|
||||
Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0
|
||||
|
||||
Summary of changes
|
||||
|
||||
- MD_CTX_SIZE is increased
|
||||
|
||||
- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points
|
||||
to nobody knows where. The assumption made previously was that
|
||||
(since the function does not seem to be documented)
|
||||
was that it points to the last partial source block.
|
||||
Add own partial block buffer for NOPAD encryption instead
|
||||
|
||||
- SECLEVEL in CipherString in openssl.cnf
|
||||
had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible
|
||||
|
||||
- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers,
|
||||
in addition to what was set in --ssl-cipher
|
||||
|
||||
- ctx_buf buffer now must be aligned to 16 bytes with openssl(
|
||||
previously with WolfSSL only), ot crashes will happen
|
||||
|
||||
- updated aes-t , to be better debuggable
|
||||
using function, rather than a huge multiline macro
|
||||
added test that does "nopad" encryption piece-wise, to test
|
||||
replacement of EVP_CIPHER_CTX_buf_noconst
|
||||
---
|
||||
cmake/ssl.cmake | 19 ++++-
|
||||
include/ssl_compat.h | 3 +-
|
||||
mysql-test/lib/openssl.cnf | 2 +-
|
||||
mysql-test/main/ssl_cipher.result | 6 +-
|
||||
mysql-test/main/ssl_cipher.test | 2 +-
|
||||
mysys_ssl/my_crypt.cc | 46 +++++++-----
|
||||
unittest/mysys/aes-t.c | 121 ++++++++++++++++++++++--------
|
||||
7 files changed, 141 insertions(+), 58 deletions(-)
|
||||
|
||||
|
||||
diff -up mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 mariadb-10.5.12-downstream_modified/cmake/ssl.cmake
|
||||
--- mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 2021-08-03 10:29:07.000000000 +0200
|
||||
+++ mariadb-10.5.12-downstream_modified/cmake/ssl.cmake 2021-11-18 16:58:41.552440737 +0100
|
||||
@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL)
|
||||
SET(SSL_INTERNAL_INCLUDE_DIRS "")
|
||||
SET(SSL_DEFINES "-DHAVE_OPENSSL")
|
||||
|
||||
+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
|
||||
+ SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}})
|
||||
+ ENDFOREACH()
|
||||
+
|
||||
+ # Silence "deprecated in OpenSSL 3.0"
|
||||
+ IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake
|
||||
+ OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0"))
|
||||
+ SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L")
|
||||
+ SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L)
|
||||
+ ENDIF()
|
||||
+
|
||||
SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
|
||||
SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES})
|
||||
- SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
|
||||
+
|
||||
CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h"
|
||||
HAVE_ERR_remove_thread_state)
|
||||
CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h"
|
||||
@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL)
|
||||
HAVE_EncryptAes128Gcm)
|
||||
CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h"
|
||||
HAVE_X509_check_host)
|
||||
- SET(CMAKE_REQUIRED_INCLUDES)
|
||||
- SET(CMAKE_REQUIRED_LIBRARIES)
|
||||
+
|
||||
+ FOREACH(x INCLUDES LIBRARIES DEFINITIONS)
|
||||
+ SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}})
|
||||
+ ENDFOREACH()
|
||||
ELSE()
|
||||
IF(WITH_SSL STREQUAL "system")
|
||||
MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support")
|
||||
diff -up mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 mariadb-10.5.12-downstream_modified/include/ssl_compat.h
|
||||
--- mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 2021-08-03 10:29:07.000000000 +0200
|
||||
+++ mariadb-10.5.12-downstream_modified/include/ssl_compat.h 2021-11-18 16:58:41.552440737 +0100
|
||||
@@ -24,7 +24,7 @@
|
||||
#define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION)
|
||||
#define ERR_remove_state(X) ERR_clear_error()
|
||||
#define EVP_CIPHER_CTX_SIZE 176
|
||||
-#define EVP_MD_CTX_SIZE 48
|
||||
+#define EVP_MD_CTX_SIZE 72
|
||||
#undef EVP_MD_CTX_init
|
||||
#define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0)
|
||||
#undef EVP_CIPHER_CTX_init
|
||||
@@ -74,7 +74,6 @@
|
||||
#define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G))
|
||||
#endif
|
||||
|
||||
-#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf)
|
||||
#define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt)
|
||||
#define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX)
|
||||
|
||||
diff -up mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf
|
||||
--- mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 2021-08-03 10:29:07.000000000 +0200
|
||||
+++ mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf 2021-11-18 16:58:41.552440737 +0100
|
||||
@@ -9,4 +9,4 @@ ssl_conf = ssl_section
|
||||
system_default = system_default_section
|
||||
|
||||
[system_default_section]
|
||||
-CipherString = ALL:@SECLEVEL=1
|
||||
+CipherString = ALL:@SECLEVEL=0
|
||||
diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result
|
||||
--- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 2021-08-03 10:29:08.000000000 +0200
|
||||
+++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result 2021-11-18 16:58:41.552440737 +0100
|
||||
@@ -61,8 +61,8 @@ connect ssl_con,localhost,root,,,,,SSL;
|
||||
SHOW STATUS LIKE 'Ssl_cipher';
|
||||
Variable_name Value
|
||||
Ssl_cipher AES128-SHA
|
||||
-SHOW STATUS LIKE 'Ssl_cipher_list';
|
||||
-Variable_name Value
|
||||
-Ssl_cipher_list AES128-SHA
|
||||
+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
|
||||
+VARIABLE_VALUE like '%AES128-SHA%'
|
||||
+1
|
||||
disconnect ssl_con;
|
||||
connection default;
|
||||
diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test
|
||||
--- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 2021-11-18 16:58:41.552440737 +0100
|
||||
+++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test 2021-11-18 17:00:47.753839711 +0100
|
||||
@@ -100,6 +100,6 @@ connect (ssl_con,localhost,root,,,,,SSL)
|
||||
--replace_regex /TLS_AES_.*/AES128-SHA/
|
||||
SHOW STATUS LIKE 'Ssl_cipher';
|
||||
--replace_regex /TLS_AES_.*/AES128-SHA/
|
||||
-SHOW STATUS LIKE 'Ssl_cipher_list';
|
||||
+SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list';
|
||||
disconnect ssl_con;
|
||||
connection default;
|
||||
diff -up mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc
|
||||
--- mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 2021-08-03 10:29:08.000000000 +0200
|
||||
+++ mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc 2021-11-18 16:58:41.552440737 +0100
|
||||
@@ -29,11 +29,7 @@
|
||||
#include <ssl_compat.h>
|
||||
#include <cstdint>
|
||||
|
||||
-#ifdef HAVE_WOLFSSL
|
||||
#define CTX_ALIGN 16
|
||||
-#else
|
||||
-#define CTX_ALIGN 0
|
||||
-#endif
|
||||
|
||||
class MyCTX
|
||||
{
|
||||
@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX
|
||||
{
|
||||
public:
|
||||
const uchar *key;
|
||||
- uint klen, buf_len;
|
||||
+ uint klen, source_tail_len;
|
||||
uchar oiv[MY_AES_BLOCK_SIZE];
|
||||
+ uchar source_tail[MY_AES_BLOCK_SIZE];
|
||||
|
||||
MyCTX_nopad() : MyCTX() { }
|
||||
~MyCTX_nopad() { }
|
||||
@@ -112,7 +109,7 @@ public:
|
||||
compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad));
|
||||
this->key= key;
|
||||
this->klen= klen;
|
||||
- this->buf_len= 0;
|
||||
+ this->source_tail_len= 0;
|
||||
if (ivlen)
|
||||
memcpy(oiv, iv, ivlen);
|
||||
DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv));
|
||||
@@ -123,26 +120,41 @@ public:
|
||||
return res;
|
||||
}
|
||||
|
||||
+ /** Update last partial source block, stored in source_tail array. */
|
||||
+ void update_source_tail(const uchar* src, uint slen)
|
||||
+ {
|
||||
+ if (!slen)
|
||||
+ return;
|
||||
+ uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE;
|
||||
+ if (new_tail_len)
|
||||
+ {
|
||||
+ if (slen + source_tail_len < MY_AES_BLOCK_SIZE)
|
||||
+ {
|
||||
+ memcpy(source_tail + source_tail_len, src, slen);
|
||||
+ }
|
||||
+ else
|
||||
+ {
|
||||
+ DBUG_ASSERT(slen > new_tail_len);
|
||||
+ memcpy(source_tail, src + slen - new_tail_len, new_tail_len);
|
||||
+ }
|
||||
+ }
|
||||
+ source_tail_len= new_tail_len;
|
||||
+ }
|
||||
+
|
||||
int update(const uchar *src, uint slen, uchar *dst, uint *dlen)
|
||||
{
|
||||
- buf_len+= slen;
|
||||
+ update_source_tail(src, slen);
|
||||
return MyCTX::update(src, slen, dst, dlen);
|
||||
}
|
||||
|
||||
int finish(uchar *dst, uint *dlen)
|
||||
{
|
||||
- buf_len %= MY_AES_BLOCK_SIZE;
|
||||
- if (buf_len)
|
||||
+ if (source_tail_len)
|
||||
{
|
||||
- uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx);
|
||||
/*
|
||||
Not much we can do, block ciphers cannot encrypt data that aren't
|
||||
a multiple of the block length. At least not without padding.
|
||||
Let's do something CTR-like for the last partial block.
|
||||
-
|
||||
- NOTE this assumes that there are only buf_len bytes in the buf.
|
||||
- If OpenSSL will change that, we'll need to change the implementation
|
||||
- of this class too.
|
||||
*/
|
||||
uchar mask[MY_AES_BLOCK_SIZE];
|
||||
uint mlen;
|
||||
@@ -154,10 +166,10 @@ public:
|
||||
return rc;
|
||||
DBUG_ASSERT(mlen == sizeof(mask));
|
||||
|
||||
- for (uint i=0; i < buf_len; i++)
|
||||
- dst[i]= buf[i] ^ mask[i];
|
||||
+ for (uint i=0; i < source_tail_len; i++)
|
||||
+ dst[i]= source_tail[i] ^ mask[i];
|
||||
}
|
||||
- *dlen= buf_len;
|
||||
+ *dlen= source_tail_len;
|
||||
return MY_AES_OK;
|
||||
}
|
||||
};
|
||||
diff -up mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c
|
||||
--- mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 2021-08-03 10:29:10.000000000 +0200
|
||||
+++ mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c 2021-11-18 16:58:41.553440740 +0100
|
||||
@@ -21,27 +21,96 @@
|
||||
#include <string.h>
|
||||
#include <ctype.h>
|
||||
|
||||
-#define DO_TEST(mode, nopad, slen, fill, dlen, hash) \
|
||||
- SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported") \
|
||||
- { \
|
||||
- memset(src, fill, src_len= slen); \
|
||||
- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, \
|
||||
- src, src_len, dst, &dst_len, \
|
||||
- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \
|
||||
- "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad"); \
|
||||
- if (!nopad) \
|
||||
- ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\
|
||||
- my_md5(md5, (char*)dst, dst_len); \
|
||||
- ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5"); \
|
||||
- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, \
|
||||
- dst, dst_len, ddst, &ddst_len, \
|
||||
- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \
|
||||
- "decrypt " #mode " %u", dst_len); \
|
||||
- ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \
|
||||
+
|
||||
+/** Test streaming encryption, bytewise update.*/
|
||||
+static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src,
|
||||
+ unsigned int slen, unsigned char *dst, unsigned int *dlen,
|
||||
+ const unsigned char *key, unsigned int klen,
|
||||
+ const unsigned char *iv, unsigned int ivlen)
|
||||
+{
|
||||
+ /* Allocate context on odd address on stack, in order to
|
||||
+ catch misalignment errors.*/
|
||||
+ void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1;
|
||||
+
|
||||
+ int res1, res2;
|
||||
+ uint d1= 0, d2;
|
||||
+ uint i;
|
||||
+
|
||||
+ if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen)))
|
||||
+ return res1;
|
||||
+ for (i= 0; i < slen; i++)
|
||||
+ {
|
||||
+ uint tmp_d1=0;
|
||||
+ res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1);
|
||||
+ if (res1)
|
||||
+ return res1;
|
||||
+ d1+= tmp_d1;
|
||||
+ dst+= tmp_d1;
|
||||
+ }
|
||||
+ res2= my_aes_crypt_finish(ctx, dst, &d2);
|
||||
+ *dlen= d1 + d2;
|
||||
+ return res1 ? res1 : res2;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+#ifndef HAVE_EncryptAes128Ctr
|
||||
+const uint MY_AES_CTR=0xDEADBEAF;
|
||||
+#endif
|
||||
+#ifndef HAVE_EncryptAes128Gcm
|
||||
+const uint MY_AES_GCM=0xDEADBEAF;
|
||||
+#endif
|
||||
+
|
||||
+#define MY_AES_UNSUPPORTED(x) (x == 0xDEADBEAF)
|
||||
+
|
||||
+static void do_test(uint mode, const char *mode_str, int nopad, uint slen,
|
||||
+ char fill, size_t dlen, const char *hash)
|
||||
+{
|
||||
+ uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6};
|
||||
+ uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7};
|
||||
+ uchar src[1000], dst[1100], dst2[1100], ddst[1000];
|
||||
+ uchar md5[MY_MD5_HASH_SIZE];
|
||||
+ uint src_len, dst_len, dst_len2, ddst_len;
|
||||
+ int result;
|
||||
+
|
||||
+ if (MY_AES_UNSUPPORTED(mode))
|
||||
+ {
|
||||
+ skip(nopad?7:6, "%s not supported", mode_str);
|
||||
+ return;
|
||||
+ }
|
||||
+ memset(src, fill, src_len= slen);
|
||||
+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len,
|
||||
+ dst, &dst_len, key, sizeof(key), iv, sizeof(iv));
|
||||
+ ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len,
|
||||
+ nopad ? "nopad" : "pad");
|
||||
+
|
||||
+ if (nopad)
|
||||
+ {
|
||||
+ result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src,
|
||||
+ src_len, dst2, &dst_len2, key, sizeof(key),
|
||||
+ iv, sizeof(iv));
|
||||
+ ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len);
|
||||
+ /* Compare with non-bytewise encryption result*/
|
||||
+ ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0,
|
||||
+ "memcmp bytewise %s %u", mode_str, src_len);
|
||||
}
|
||||
+ else
|
||||
+ {
|
||||
+ int dst_len_real= my_aes_get_size(mode, src_len);
|
||||
+ ok(dst_len_real= dst_len, "my_aes_get_size");
|
||||
+ }
|
||||
+ my_md5(md5, (char *) dst, dst_len);
|
||||
+ ok(dst_len == dlen, "md5 len");
|
||||
+ ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5");
|
||||
+ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT,
|
||||
+ dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv,
|
||||
+ sizeof(iv));
|
||||
+
|
||||
+ ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len);
|
||||
+ ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp");
|
||||
+}
|
||||
|
||||
-#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H)
|
||||
-#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H)
|
||||
+#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H)
|
||||
+#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H)
|
||||
|
||||
/* useful macro for debugging */
|
||||
#define PRINT_MD5() \
|
||||
@@ -53,25 +122,15 @@
|
||||
printf("\"\n"); \
|
||||
} while(0);
|
||||
|
||||
-#ifndef HAVE_EncryptAes128Ctr
|
||||
-const uint MY_AES_CTR=0xDEADBEAF;
|
||||
-#endif
|
||||
-#ifndef HAVE_EncryptAes128Gcm
|
||||
-const uint MY_AES_GCM=0xDEADBEAF;
|
||||
-#endif
|
||||
|
||||
int
|
||||
main(int argc __attribute__((unused)),char *argv[])
|
||||
{
|
||||
- uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6};
|
||||
- uchar iv[16]= {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7};
|
||||
- uchar src[1000], dst[1100], ddst[1000];
|
||||
- uchar md5[MY_MD5_HASH_SIZE];
|
||||
- uint src_len, dst_len, ddst_len;
|
||||
|
||||
MY_INIT(argv[0]);
|
||||
|
||||
- plan(87);
|
||||
+ plan(122);
|
||||
+
|
||||
DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a");
|
||||
DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b");
|
||||
DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9");
|
||||
|
||||
|
||||
|
||||
MariaDB before 10.8 series does not contain the OpenSSL 3 patch on the upstream.
|
||||
MariaDB upstream later added the following condition:
|
||||
https://github.com/MariaDB/server/commit/c9beef4315
|
||||
limiting the OpenSSL that can be used to < 3. and reverted this commit for 10.8 and later:
|
||||
https://github.com/MariaDB/server/commit/64e358821e
|
||||
|
||||
Since we apply the OpenSSL 3 patch from MariaDB 10.8 series to earlier series, we need to revert this commit
|
||||
on those earlier series too.
|
||||
|
||||
--- mariadb-10.5.15-downstream_modified/cmake/ssl.cmake 2022-02-22 05:13:17.259097302 +0100
|
||||
+++ mariadb-10.5.15-downstream_modified/cmake/ssl.cmake_patched 2022-02-23 07:22:20.290082378 +0100
|
||||
@@ -118,7 +118,7 @@ MACRO (MYSQL_CHECK_SSL)
|
||||
ENDIF()
|
||||
FIND_PACKAGE(OpenSSL)
|
||||
SET_PACKAGE_PROPERTIES(OpenSSL PROPERTIES TYPE RECOMMENDED)
|
||||
- IF(OPENSSL_FOUND AND OPENSSL_VERSION AND OPENSSL_VERSION VERSION_LESS "3.0.0")
|
||||
+ IF(OPENSSL_FOUND)
|
||||
SET(OPENSSL_LIBRARY ${OPENSSL_SSL_LIBRARY})
|
||||
INCLUDE(CheckSymbolExists)
|
||||
SET(SSL_SOURCES "")
|
@ -1,13 +1,15 @@
|
||||
--- mariadb-10.4.14/support-files/CMakeLists.txt 2020-08-06 17:28:28.000000000 +0200
|
||||
+++ mariadb-10.4.14/support-files/CMakeLists.txt_patched 2020-09-03 13:21:07.826658279 +0200
|
||||
@@ -187,6 +187,7 @@ IF(UNIX)
|
||||
COMPONENT SharedLibraries)
|
||||
INSTALL(FILES rpm/mysql-clients.cnf DESTINATION ${INSTALL_SYSCONF2DIR}
|
||||
COMPONENT Client)
|
||||
+ CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_SOURCE_DIR}/rpm/server.cnf @ONLY)
|
||||
INSTALL(FILES rpm/server.cnf DESTINATION ${INSTALL_SYSCONF2DIR}
|
||||
COMPONENT IniFiles)
|
||||
INSTALL(FILES rpm/enable_encryption.preset DESTINATION ${INSTALL_SYSCONF2DIR}
|
||||
diff -up mariadb-10.1.8/support-files/CMakeLists.txt.p9 mariadb-10.1.8/support-files/CMakeLists.txt
|
||||
--- mariadb-10.2.32/support-files/CMakeLists.txt 2020-05-08 13:45:27.000000000 +0200
|
||||
+++ mariadb-10.2.32/support-files/CMakeLists.txt_pacthed 2020-05-13 10:11:30.884190396 +0200
|
||||
@@ -100,7 +100,8 @@ IF(UNIX)
|
||||
ENDIF()
|
||||
|
||||
CONFIGURE_FILE(mariadb.pc.in ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc @ONLY)
|
||||
- INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_LIBDIR}/pkgconfig COMPONENT Development)
|
||||
+ CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_BINARY_DIR}/rpm/server.cnf @ONLY)
|
||||
+ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_SHAREDIR}/pkgconfig COMPONENT Development)
|
||||
|
||||
INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development)
|
||||
|
||||
diff -up mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup mariadb-10.0.15/support-files/rpm/server.cnf
|
||||
--- mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup 2015-01-24 23:55:55.110063592 +0100
|
||||
|
@ -3,17 +3,18 @@ Use PCDIR CMake option, if configured
|
||||
Upstream install the server pkgconfig file into arch-independent directory
|
||||
Reported to upstream as: https://jira.mariadb.org/browse/MDEV-14340
|
||||
|
||||
--- mariadb-10.5.5/support-files/CMakeLists.txt.old 2020-09-30 10:36:08.582490318 +0200
|
||||
+++ mariadb-10.5.5/support-files/CMakeLists.txt 2020-09-30 10:38:58.079710848 +0200
|
||||
@@ -91,7 +91,11 @@
|
||||
ENDIF()
|
||||
--- mariadb-10.3.12/support-files/CMakeLists.txt 2019-03-20 15:25:53.423283135 +0100
|
||||
+++ mariadb-10.3.12/support-files/CMakeLists.txt_patched 2019-03-20 15:38:56.372819958 +0100
|
||||
@@ -82,7 +82,12 @@ IF(UNIX)
|
||||
|
||||
CONFIGURE_FILE(mariadb.pc.in ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc @ONLY)
|
||||
CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_BINARY_DIR}/rpm/server.cnf @ONLY)
|
||||
+IF(INSTALL_PCDIR)
|
||||
+ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_PCDIR} COMPONENT Development)
|
||||
+ELSE()
|
||||
INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_LIBDIR}/pkgconfig COMPONENT Development)
|
||||
INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_SHAREDIR}/pkgconfig COMPONENT Development)
|
||||
+ENDIF()
|
||||
+
|
||||
|
||||
INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development)
|
||||
|
||||
|
@ -1,137 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# This script creates the MariaDB data directory during first service start.
|
||||
# In subsequent starts, it does nothing much.
|
||||
|
||||
source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common"
|
||||
|
||||
export LC_ALL=C
|
||||
|
||||
# Returns content of the specified directory
|
||||
# If listing files fails, fake-file is returned so which means
|
||||
# we'll behave like there was some data initialized
|
||||
# Some files or directories are fine to be there, so those are
|
||||
# explicitly removed from the listing
|
||||
# @param <dir> datadir
|
||||
list_datadir ()
|
||||
{
|
||||
( ls -1A "$1" 2>/dev/null || echo "fake-file" ) | grep -v \
|
||||
-e '^lost+found$' \
|
||||
-e '\.err$' \
|
||||
-e '^.bash_history$'
|
||||
}
|
||||
|
||||
# Checks whether datadir should be initialized
|
||||
# @param <dir> datadir
|
||||
should_initialize ()
|
||||
{
|
||||
test -z "$(list_datadir "$1")"
|
||||
}
|
||||
|
||||
# If two args given first is user, second is group
|
||||
# otherwise the arg is the systemd service file
|
||||
if [ "$#" -eq 2 ]
|
||||
then
|
||||
myuser="$1"
|
||||
mygroup="$2"
|
||||
else
|
||||
# Absorb configuration settings from the specified systemd service file,
|
||||
# or the default service if not specified
|
||||
SERVICE_NAME="$1"
|
||||
if [ x"$SERVICE_NAME" = x ]
|
||||
then
|
||||
SERVICE_NAME=@DAEMON_NAME@.service
|
||||
fi
|
||||
|
||||
myuser=`systemctl show -p User "${SERVICE_NAME}" |
|
||||
sed 's/^User=//'`
|
||||
if [ x"$myuser" = x ]
|
||||
then
|
||||
myuser=mysql
|
||||
fi
|
||||
|
||||
mygroup=`systemctl show -p Group "${SERVICE_NAME}" |
|
||||
sed 's/^Group=//'`
|
||||
if [ x"$mygroup" = x ]
|
||||
then
|
||||
mygroup=mysql
|
||||
fi
|
||||
fi
|
||||
|
||||
# Set up the errlogfile with appropriate permissions
|
||||
if [ ! -e "$errlogfile" -a ! -h "$errlogfile" -a x$(dirname "$errlogfile") = "x/var/log" ]; then
|
||||
case $(basename "$errlogfile") in
|
||||
mysql*.log|mariadb*.log) install /dev/null -m0640 -o$myuser -g$mygroup "$errlogfile" ;;
|
||||
*) ;;
|
||||
esac
|
||||
else
|
||||
# Provide some advice if the log file cannot be created by this script
|
||||
errlogdir=$(dirname "$errlogfile")
|
||||
if ! [ -d "$errlogdir" ] ; then
|
||||
echo "The directory $errlogdir does not exist." >&2
|
||||
exit 1
|
||||
elif [ -e "$errlogfile" -a ! -w "$errlogfile" ] ; then
|
||||
echo "The log file $errlogfile cannot be written, please, fix its permissions." >&2
|
||||
echo "The daemon will be run under $myuser:$mygroup" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Make the data directory if doesn't exist or empty
|
||||
if should_initialize "$datadir" ; then
|
||||
# First, make sure $datadir is there with correct permissions
|
||||
# (note: if it's not, and we're not root, this'll fail ...)
|
||||
if [ ! -e "$datadir" -a ! -h "$datadir" ]
|
||||
then
|
||||
mkdir -p "$datadir" || exit 1
|
||||
fi
|
||||
chown "$myuser:$mygroup" "$datadir"
|
||||
chmod 0755 "$datadir"
|
||||
[ -x /sbin/restorecon ] && /sbin/restorecon "$datadir"
|
||||
|
||||
# Now create the database
|
||||
echo "Initializing @NICE_PROJECT_NAME@ database" >&2
|
||||
# Avoiding deletion of files not created by mysql_install_db is
|
||||
# guarded by time check and sleep should help work-arounded
|
||||
# potential issues on systems with 1 second resolution timestamps
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1335849#c19
|
||||
INITDB_TIMESTAMP=`LANG=C date -u`
|
||||
sleep 1
|
||||
@bindir@/mariadb-install-db --rpm --datadir="$datadir" --user="$myuser" --skip-test-db >&2
|
||||
ret=$?
|
||||
if [ $ret -ne 0 ] ; then
|
||||
echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2
|
||||
echo "Perhaps @sysconfdir@/my.cnf is misconfigured or there is some problem with permissions of $datadir." >&2
|
||||
# Clean up any partially-created database files
|
||||
if [ ! -e "$datadir/mysql/user.frm" ] && [ -d "$datadir" ] ; then
|
||||
echo "Initialization of @NICE_PROJECT_NAME@ database was not finished successfully." >&2
|
||||
echo "Files created so far will be removed." >&2
|
||||
find "$datadir" -mindepth 1 -maxdepth 1 -newermt "$INITDB_TIMESTAMP" \
|
||||
-not -name "lost+found" -exec rm -rf {} +
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "Removing of created files was not successfull." >&2
|
||||
echo "Please, clean directory $datadir manually." >&2
|
||||
fi
|
||||
else
|
||||
echo "However, part of data has been initialized and those will not be removed." >&2
|
||||
echo "Please, clean directory $datadir manually." >&2
|
||||
fi
|
||||
exit $ret
|
||||
fi
|
||||
# upgrade does not need to be run on a fresh datadir
|
||||
echo "@VERSION@-MariaDB" >"$datadir/mysql_upgrade_info"
|
||||
else
|
||||
if [ -d "$datadir/mysql/" ] ; then
|
||||
# mysql dir exists, it seems data are initialized properly
|
||||
echo "Database @NICE_PROJECT_NAME@ is probably initialized in $datadir already, nothing is done."
|
||||
echo "If this is not the case, make sure the $datadir is empty before running `basename $0`."
|
||||
else
|
||||
# if the directory is not empty but mysql/ directory is missing, then
|
||||
# print error and let user to initialize manually or empty the directory
|
||||
echo "Database @NICE_PROJECT_NAME@ is not initialized, but the directory $datadir is not empty, so initialization cannot be done." >&2
|
||||
echo "Make sure the $datadir is empty before running `basename $0`." >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
@ -1,68 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Some useful functions used in other MariaDB helper scripts
|
||||
# This scripts defines variables datadir, errlogfile, socketfile
|
||||
|
||||
export LC_ALL=C
|
||||
|
||||
# extract value of a MariaDB option from config files
|
||||
# Usage: get_mysql_option VARNAME DEFAULT SECTION [ SECTION, ... ]
|
||||
# result is returned in $result
|
||||
# We use my_print_defaults which prints all options from multiple files,
|
||||
# with the more specific ones later; hence take the last match.
|
||||
get_mysql_option(){
|
||||
if [ $# -ne 3 ] ; then
|
||||
echo "get_mysql_option requires 3 arguments: section option default_value"
|
||||
return
|
||||
fi
|
||||
sections="$1"
|
||||
option_name="$2"
|
||||
default_value="$3"
|
||||
result=`@bindir@/my_print_defaults $my_print_defaults_extra_args $sections | sed -n "s/^--${option_name}=//p" | tail -n 1`
|
||||
if [ -z "$result" ]; then
|
||||
# not found, use default
|
||||
result="${default_value}"
|
||||
fi
|
||||
}
|
||||
|
||||
# For the case of running more instances via systemd, scripts that source
|
||||
# this file can get --default-group-suffix or similar option as the first
|
||||
# argument. The utility my_print_defaults needs to use it as well, so the
|
||||
# scripts sourcing this file work with the same options as the daemon.
|
||||
my_print_defaults_extra_args=''
|
||||
while echo "$1" | grep -q '^--defaults' ; do
|
||||
my_print_defaults_extra_args="${my_print_defaults_extra_args} $1"
|
||||
shift
|
||||
done
|
||||
|
||||
# Defaults here had better match what mariadbd-safe will default to
|
||||
# The option values are generally defined on three important places
|
||||
# on the default installation:
|
||||
# 1) default values are hardcoded in the code of mariadbd daemon or
|
||||
# mariadbd-safe script
|
||||
# 2) configurable values are defined in @sysconfdir@/my.cnf
|
||||
# 3) default values for helper scripts are specified bellow
|
||||
# So, in case values are defined in my.cnf, we need to get that value.
|
||||
# In case they are not defined in my.cnf, we need to get the same value
|
||||
# in the daemon, as in the helper scripts. Thus, default values here
|
||||
# must correspond with values defined in mariadbd-safe script and source
|
||||
# code itself.
|
||||
|
||||
server_sections="mysqld_safe mysqld server mysqld-@MAJOR_VERSION@.@MINOR_VERSION@ mariadb mariadb-@MAJOR_VERSION@.@MINOR_VERSION@ mariadbd mariadbd-@MAJOR_VERSION@.@MINOR_VERSION@ client-server galera"
|
||||
|
||||
get_mysql_option "$server_sections" datadir "@MYSQL_DATADIR@"
|
||||
datadir="$result"
|
||||
|
||||
# if there is log_error in the my.cnf, my_print_defaults still
|
||||
# returns log-error
|
||||
# log-error might be defined in mysqld_safe and mysqld sections,
|
||||
# the former has bigger priority
|
||||
get_mysql_option "$server_sections" log-error "$datadir/`uname -n`.err"
|
||||
errlogfile="$result"
|
||||
|
||||
get_mysql_option "$server_sections" socket "@MYSQL_UNIX_ADDR@"
|
||||
socketfile="$result"
|
||||
|
||||
get_mysql_option "$server_sections" pid-file "$datadir/`uname -n`.pid"
|
||||
pidfile="$result"
|
||||
|
@ -1,12 +1,11 @@
|
||||
We have some downstream patches and other scripts that include variables to
|
||||
be expanded by cmake. Cmake needs to know about them, so adding them manually.
|
||||
|
||||
# Install libgcc as mylibgcc.a
|
||||
--- mariadb-10.5.5/scripts/CMakeLists.txt.old 2020-09-24 10:13:35.272589689 +0200
|
||||
+++ mariadb-10.5.5/scripts/CMakeLists.txt 2020-09-24 10:17:31.428985798 +0200
|
||||
@@ -377,6 +377,34 @@
|
||||
INSTALL_LINK(${file} ${binname} ${INSTALL_BINDIR} ${${file}_COMPONENT})
|
||||
ENDIF()
|
||||
--- mariadb-10.3.8/scripts/CMakeLists.txt 2018-07-02 09:34:11.000000000 +0200
|
||||
+++ mariadb-10.3.8/scripts/CMakeLists.txt_patched 2018-07-03 10:58:15.954670153 +0200
|
||||
@@ -361,6 +361,34 @@ ELSE()
|
||||
COMPONENT ${${file}_COMPONENT}
|
||||
)
|
||||
ENDFOREACH()
|
||||
+
|
||||
+ # files for systemd
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,13 +0,0 @@
|
||||
diff -up mariadb-10.3.9/mysql-test/main/ssl_cipher.test.fixtest mariadb-10.3.9/mysql-test/main/ssl_cipher.test
|
||||
--- mariadb-10.3.13/mysql-test/main/ssl_cipher.test 2019-02-20 08:59:09.000000000 +0100
|
||||
+++ mariadb-10.3.13/mysql-test/main/ssl_cipher.test_patched 2019-02-22 11:22:01.250256060 +0100
|
||||
@@ -97,7 +97,9 @@ drop user mysqltest_1@localhost;
|
||||
let $restart_parameters=--ssl-cipher=AES128-SHA;
|
||||
source include/restart_mysqld.inc;
|
||||
connect (ssl_con,localhost,root,,,,,SSL);
|
||||
+--replace_regex /TLS_AES_.*/AES128-SHA/
|
||||
SHOW STATUS LIKE 'Ssl_cipher';
|
||||
+--replace_regex /TLS_AES_.*/AES128-SHA/
|
||||
SHOW STATUS LIKE 'Ssl_cipher_list';
|
||||
disconnect ssl_con;
|
||||
connection default;
|
@ -6,14 +6,13 @@
|
||||
|
||||
|
||||
# Spelling errors
|
||||
addFilter(r'spelling-error .* en_US (cnf|mysqld|benchmarking|pam|passwordless|subpackage|libmariadb|mariadbd) ')
|
||||
addFilter(r'spelling-error .* en_US (cnf|mysqld|benchmarking|pam|passwordless|subpackage|libmariadb) ')
|
||||
|
||||
# Debugsource
|
||||
addFilter(r'^mariadb.*debugsource\.[^:]+: (E|W): no-documentation')
|
||||
|
||||
# Debuginfo
|
||||
addFilter(r'^mariadb.*debuginfo\.[^:]+: (E|W): useless-provides debuginfo\(build-id\)')
|
||||
# Debug symlinks
|
||||
addFilter(r'dangling-relative-symlink /usr/lib/.build-id')
|
||||
|
||||
# Testsuite
|
||||
# Some expected tests results are zero-length files
|
||||
@ -33,9 +32,6 @@ addFilter(r'no-manual-page-for-binary')
|
||||
addFilter(r'obsolete-not-provided MySQL')
|
||||
# Provided by mariadb-connector-c
|
||||
addFilter(r'obsolete-not-provided mariadb-libs')
|
||||
# Upstream dropped support
|
||||
addFilter(r'obsolete-not-provided mariadb-bench')
|
||||
addFilter(r'obsolete-not-provided mariadb-tokudb-engine')
|
||||
|
||||
# Config file without noreplace flag
|
||||
# Don't replace logs that may contain old entries
|
||||
@ -54,26 +50,7 @@ addFilter(r'incoherent-logrotate-file /etc/logrotate.d/mariadb')
|
||||
addFilter(r'non-executable-in-bin /usr/bin/wsrep_sst_common 644')
|
||||
addFilter(r'script-without-shebang /usr/bin/wsrep_sst_common')
|
||||
addFilter(r'non-executable-script /usr/bin/wsrep_sst_common 644 None')
|
||||
# mariadb-scripts-common has a similar issue
|
||||
addFilter(r'non-executable-script /usr/libexec/mariadb-scripts-common 644 /bin/sh')
|
||||
# mysql-scripts-common has a simmilar issue
|
||||
addFilter(r'non-executable-script /usr/libexec/mysql-scripts-common 644 /bin/sh')
|
||||
# Seems pretty standard to me ...
|
||||
addFilter(r'non-standard-dir-perm /var/log/mariadb 750')
|
||||
# 640 is IMO also prety OK
|
||||
addFilter(r'non-readable /etc/sysconfig/clustercheck 640')
|
||||
|
||||
# Unversioned bundles
|
||||
# RocksDB has so rapid developement, it it not compatible through versions.
|
||||
# That means we need to stick to the exact verison upstream use.
|
||||
addFilter(r'unversioned-explicit-provides bundled\(rocksdb\)')
|
||||
|
||||
# Testsuite errors
|
||||
addFilter(r'non-executable-script /usr/share/mysql-test')
|
||||
addFilter(r'arch-dependent-file-in-usr-share /usr/share/mysql-test')
|
||||
|
||||
# Comments at the end of RPM %endif tags
|
||||
addFilter(r'extra tokens at the end of %endif directive')
|
||||
|
||||
# PAM plugin specialities - all expected
|
||||
addFilter(r'non-conffile-in-etc /etc/security/user_map.conf')
|
||||
addFilter(r'setuid-binary /usr/lib64/mariadb/plugin/auth_pam_tool_dir/auth_pam_tool')
|
||||
addFilter(r'non-standard-executable-perm /usr/lib64/mariadb/plugin/auth_pam_tool_dir/auth_pam_tool')
|
||||
|
922
mariadb.spec
922
mariadb.spec
File diff suppressed because it is too large
Load Diff
@ -1,3 +0,0 @@
|
||||
# Do not edit this file.
|
||||
# To override this, put /etc/tmpfiles.d/mariadb.conf instead.
|
||||
d @PID_FILE_DIR@ 0755 mysql mysql -
|
@ -1,2 +1,3 @@
|
||||
# Fails since 10.3.17, only on armv7hl
|
||||
versioning.partition :
|
||||
# Fails on aarch64
|
||||
innodb.innodb_buffer_pool_resize :
|
||||
innodb.innodb_buffer_pool_resize_with_chunks :
|
||||
|
@ -1,12 +1,18 @@
|
||||
# The SSL test are failing correctly. Fro more explanation, see:
|
||||
# https://jira.mariadb.org/browse/MDEV-8404?focusedCommentId=84275&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-84275
|
||||
main.ssl_7937 : #1399847
|
||||
main.ssl_8k_key :
|
||||
main.ssl_crl : #1399847
|
||||
# Fails everywhere
|
||||
innodb.innodb_defrag_binlog :
|
||||
|
||||
main.ssl_7937 :
|
||||
main.ssl_8k_key :
|
||||
main.ssl_crl :
|
||||
main.ssl_system_ca :
|
||||
main.userstat :
|
||||
|
||||
# ------------------------------
|
||||
# Tests that fails because of 'Self Signed Certificate in the Certificate Chain'
|
||||
perfschema.cnf_option :
|
||||
perfschema.nesting :
|
||||
perfschema.socket_summary_by_event_name_func :
|
||||
perfschema.socket_summary_by_instance_func :
|
||||
|
||||
plugins.feedback_plugin_load :
|
||||
|
||||
rpl.rpl_row_img_blobs :
|
||||
rpl.rpl_row_img_eng_min :
|
||||
@ -14,41 +20,8 @@ rpl.rpl_row_img_eng_noblob :
|
||||
|
||||
sys_vars.slave_parallel_threads_basic :
|
||||
|
||||
# ------------------------------
|
||||
# Expected to fail, the plugin is not build with server, but 'mariadb-connector-c' instead
|
||||
# Fails only on i686
|
||||
main.myisampack :
|
||||
|
||||
# We don't build the plugin in server; we build it in mariadb-connector-c instead
|
||||
plugins.auth_ed25519 :
|
||||
plugins.multiauth :
|
||||
|
||||
# ------------------------------
|
||||
perfschema.nesting : #1399847
|
||||
perfschema.socket_summary_by_instance_func : #1399847
|
||||
perfschema.socket_summary_by_event_name_func :
|
||||
|
||||
# ------------------------------
|
||||
# Fails since 10.1.12
|
||||
innodb.innodb_defrag_binlog :
|
||||
|
||||
# Fails everywhere since 10.2.15
|
||||
main.userstat :
|
||||
|
||||
# Fails everywhere since 10.4.11
|
||||
main.events_bugs :
|
||||
sys_vars.tcp_nodelay :
|
||||
|
||||
# Fails on i686
|
||||
encryption.innodb-redo-badkey :
|
||||
|
||||
# Fails since 10.5.2
|
||||
main.mysqld--help2 :
|
||||
disks.disks :
|
||||
disks.disks_notembedded :
|
||||
|
||||
# Fails since 10.5.3
|
||||
main.mysqld--help-aria :
|
||||
|
||||
# Fails since 10.5.4
|
||||
main.ssl_system_ca :
|
||||
|
||||
# Fails since 10.5.7
|
||||
innodb.innodb_wl6326_big :
|
||||
plugins.feedback_plugin_load :
|
||||
|
@ -1,5 +1,30 @@
|
||||
# Fails on ppc64le since 10.4.12
|
||||
oqgraph.social :
|
||||
# Fails on ppc64le
|
||||
parts.partition_alter1_1_innodb :
|
||||
parts.partition_alter1_2_innodb :
|
||||
parts.partition_alter1_1_2_innodb :
|
||||
parts.partition_alter1_2_1_innodb :
|
||||
parts.partition_alter2_1_1_innodb :
|
||||
parts.partition_alter1_2_2_innodb :
|
||||
parts.partition_alter2_1_2_innodb :
|
||||
parts.partition_alter2_2_1_innodb :
|
||||
parts.partition_alter2_2_2_innodb :
|
||||
parts.partition_alter4_innodb :
|
||||
parts.partition_basic_innodb :
|
||||
parts.part_supported_sql_func_innodb :
|
||||
|
||||
# Fails since 10.5.2
|
||||
rh-skipped-tests-ppc.list :
|
||||
rpl.rpl_loaddata_m :
|
||||
|
||||
#
|
||||
stress.ddl_innodb :
|
||||
|
||||
innodb.innodb_buffer_pool_resize :
|
||||
innodb.innodb_buffer_pool_resize_with_chunks :
|
||||
innodb.innodb_bulk_create_index :
|
||||
innodb.innodb_defrag_binlog :
|
||||
innodb.innodb_defrag_concurrent :
|
||||
innodb_gis.kill_server :
|
||||
gcol.innodb_virtual_basic :
|
||||
|
||||
# Unstable (randomly failing) tests
|
||||
innodb_gis.rtree_search :
|
||||
main.type_ranges :
|
||||
|
@ -1,3 +1,8 @@
|
||||
# Fails since 10.5.2
|
||||
perfschema.memory_aggregate_32bit :
|
||||
period.overlaps :
|
||||
# Fails on s390x
|
||||
disks.disks :
|
||||
disks.disks_notembedded :
|
||||
|
||||
# related to MDEV-20194
|
||||
# first check of `undefined` table causes warning,
|
||||
# instead INSERT and ALTER should cause it
|
||||
innodb.row_size_error_log_warnings_3 :
|
||||
|
@ -1,50 +0,0 @@
|
||||
# Set up global ignore list
|
||||
ignore:
|
||||
# mysql-test/ directory contains an extensive test-suite of about 20.000 files;
|
||||
# It is very time consuming to be fully analysed and the results aren't useful anyway
|
||||
# It is expected the tests change during rebases, as the underlying functionality the test evolve
|
||||
# Some of the tests contain broken or problematic code, however that is on purpose
|
||||
- /usr/share/mysql-test/
|
||||
|
||||
# based on https://lists.launchpad.net/maria-discuss/msg06133.html discussion
|
||||
# are the invalid xmls (except for Index.xml) present in the sources on purpose
|
||||
# and they can be removed from xmllint rpminspect check in the CI process.
|
||||
#
|
||||
# A bug report [https://jira.mariadb.org/browse/MDEV-26905] was created in the upstream
|
||||
# for the Index.xml file.
|
||||
#
|
||||
# Fedora CI picks up the rpmlimspect.yaml for specific package in the dist-git repo
|
||||
#[ref: https://rpminspect.readthedocs.io/en/latest/configuration.html#rpminspect-yaml]
|
||||
#
|
||||
xml:
|
||||
ignore:
|
||||
- /usr/share/mysql-test/std_data/loadxml.dat
|
||||
- /usr/share/mysql-test/std_data/loaddata/mdev9874.xml
|
||||
- /usr/share/mysql-test/std_data/ldml/Index.xml
|
||||
- /usr/share/mysql-test/plugin/sphinx/sphinx/testdata.xml
|
||||
- /usr/share/mysql-test/plugin/connect/connect/std_data/nocs.xml
|
||||
- /usr/share/mariadb/charsets/Index.xml
|
||||
|
||||
# ignore bad functions in resolveip binary, based on BZ1973194
|
||||
# all forbidden functions listed in main rpminspect config
|
||||
# have to be menioned also here, else it would not be checked for them
|
||||
badfuncs:
|
||||
- gethostbyname
|
||||
- gethostbyname2
|
||||
- gethostbyaddr
|
||||
- inet_addr
|
||||
- inet_aton
|
||||
- inet_nsap_addr
|
||||
- inet_ntoa
|
||||
- inet_nsap_ntoa
|
||||
- inet_makeaddr
|
||||
- inet_netof
|
||||
- inet_network
|
||||
- inet_neta
|
||||
- inet_net_ntop
|
||||
- inet_net_pton
|
||||
- rcmd
|
||||
- rexec
|
||||
- rresvport
|
||||
ignore:
|
||||
- /usr/bin/resolveip
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (mariadb-10.5.8.tar.gz) = 9801a68440a3502b49655e34dcbfd09734f4a4f1ba8621ed9b895e194cea461a8c69fb0ff66488d5defd3065b43f73e5083a60142e11cc7e4a442f86769b06e5
|
||||
SHA512 (mariadb-10.3.35.tar.gz) = 9355de944eccef4e0bc01b19ffc3c0c72cf88befae7385c6f0ee1ea47dbd98d23f6bb46af9c140acc48d9d9613552870684bc0b7ca1f3cff1dc09c1a2c801573
|
||||
|
Loading…
Reference in New Issue
Block a user