Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/mariadb.git#a5d57f35209c105ef3990f18005bae9582f342fa
This commit is contained in:
DistroBaker
parent
5805483d45
commit
56ba4d0668
@ -1,29 +0,0 @@
|
||||
This scirpt is ran by the systemd service.
|
||||
In Fedora the service has priviledges dropped to the mysql user.
|
||||
Thus "chown 0" will always fail
|
||||
|
||||
Never parse 'ls' output!
|
||||
http://mywiki.wooledge.org/BashFAQ/087
|
||||
|
||||
--- mariadb-10.4.12/scripts/mysql_install_db.sh 2020-01-26 21:43:53.000000000 +0100
|
||||
+++ mariadb-10.4.12/scripts/mysql_install_db.sh_patched 2020-01-29 11:11:09.448812331 +0100
|
||||
@@ -482,13 +482,16 @@ if test -n "$user"
|
||||
then
|
||||
if test -z "$srcdir" -a "$in_rpm" -eq 0
|
||||
then
|
||||
- chown 0 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" && \
|
||||
- chmod 04755 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool"
|
||||
- if test $? -ne 0
|
||||
+ if [ `stat "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" -c %u` -ne 0 ]
|
||||
then
|
||||
+ chown 0 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" && \
|
||||
+ chmod 04755 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool"
|
||||
+ if test $? -ne 0
|
||||
+ then
|
||||
echo "Couldn't set an owner to '$pamtooldir/auth_pam_tool_dir/auth_pam_tool'."
|
||||
echo "It must be root, the PAM authentication plugin doesn't work otherwise.."
|
||||
echo
|
||||
+ fi
|
||||
fi
|
||||
chown $user "$pamtooldir/auth_pam_tool_dir" && \
|
||||
chmod 0700 "$pamtooldir/auth_pam_tool_dir"
|
||||
File diff suppressed because it is too large
Load Diff
94
mariadb.spec
94
mariadb.spec
@ -61,6 +61,9 @@
|
||||
# hierarchies and more complex graph structures to be handled in a relational fashion
|
||||
%bcond_without oqgraph
|
||||
|
||||
# PAM authentication plugin
|
||||
%bcond_without pam
|
||||
|
||||
# Other plugins
|
||||
# S3 storage engine
|
||||
# https://mariadb.com/kb/en/s3-storage-engine/
|
||||
@ -158,7 +161,7 @@
|
||||
|
||||
Name: mariadb
|
||||
Version: 10.5.9
|
||||
Release: 1%{?with_debug:.debug}%{?dist}
|
||||
Release: 5%{?with_debug:.debug}%{?dist}
|
||||
Epoch: 3
|
||||
|
||||
Summary: A very fast and robust SQL database server
|
||||
@ -216,12 +219,8 @@ Patch9: %{pkgnamepatch}-ownsetup.patch
|
||||
Patch10: %{pkgnamepatch}-ssl-cipher-tests.patch
|
||||
# Patch11: Use PCDIR CMake option, if configured
|
||||
Patch11: %{pkgnamepatch}-pcdir.patch
|
||||
# Patch13: Fix Spider code on armv7hl; https://jira.mariadb.org/browse/MDEV-18737
|
||||
Patch13: %{pkgnamepatch}-spider_on_armv7hl.patch
|
||||
# Patch15: Add option to edit groonga's and groonga-normalizer-mysql install path
|
||||
Patch15: %{pkgnamepatch}-groonga.patch
|
||||
# Patch16: Workaround for "chown 0" with priviledges dropped to "mysql" user
|
||||
Patch16: %{pkgnamepatch}-auth_pam_tool_dir.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: cmake gcc-c++
|
||||
@ -246,8 +245,6 @@ BuildRequires: bison bison-devel
|
||||
|
||||
%{?with_debug:BuildRequires: valgrind-devel}
|
||||
|
||||
# auth_pam.so plugin will be build if pam-devel is installed
|
||||
BuildRequires: pam-devel
|
||||
# use either new enough version of pcre2 or provide bundles(pcre2)
|
||||
%{?with_unbundled_pcre:BuildRequires: pcre2-devel >= 10.34 pkgconf}
|
||||
%{!?with_unbundled_pcre:Provides: bundled(pcre2) = %{pcre_bundled_version}}
|
||||
@ -449,6 +446,7 @@ Recommends: %{name}-backup%{?_isa} = %{sameevr}
|
||||
%{?with_sphinx:Suggests: %{name}-sphinx-engine%{?_isa} = %{sameevr}}
|
||||
%{?with_oqgraph:Suggests: %{name}-oqgraph-engine%{?_isa} = %{sameevr}}
|
||||
%{?with_connect:Suggests: %{name}-connect-engine%{?_isa} = %{sameevr}}
|
||||
%{?with_pam:Suggests: %{name}-pam%{?_isa} = %{sameevr}}
|
||||
|
||||
Suggests: mytop
|
||||
Suggests: logrotate
|
||||
@ -593,6 +591,21 @@ This plugin includes support for Kerberos on Unix.
|
||||
%endif
|
||||
|
||||
|
||||
%if %{with pam}
|
||||
%package pam
|
||||
Summary: PAM authentication plugin for the MariaDB server
|
||||
|
||||
Requires: %{name}-server%{?_isa} = %{sameevr}
|
||||
# This subpackage NEED the 'mysql' user/group (created during mariadb-server %pre) to be available prior installation
|
||||
Requires(pre): %{name}-server%{?_isa} = %{sameevr}
|
||||
|
||||
BuildRequires: pam-devel
|
||||
|
||||
%description pam
|
||||
PAM authentication server-side plugin for MariaDB.
|
||||
%endif
|
||||
|
||||
|
||||
%if %{with sphinx}
|
||||
%package sphinx-engine
|
||||
Summary: The Sphinx storage engine for MariaDB
|
||||
@ -752,9 +765,7 @@ rm -r storage/rocksdb/
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
#%patch13 -p1
|
||||
%patch15 -p1
|
||||
%patch16 -p1
|
||||
|
||||
# generate a list of tests that fail, but are not disabled by upstream
|
||||
cat %{SOURCE50} | tee -a mysql-test/unstable-tests
|
||||
@ -972,24 +983,30 @@ rm %{_vpath_builddir}/scripts/my.cnf
|
||||
# use different config file name for each variant of server (mariadb / mysql)
|
||||
mv %{buildroot}%{_sysconfdir}/my.cnf.d/server.cnf %{buildroot}%{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf
|
||||
|
||||
# remove SysV init script and a symlink to that, we use systemd
|
||||
# Remove upstream SysV init script and a symlink to that, we use systemd
|
||||
rm %{buildroot}%{_libexecdir}/rcmysql
|
||||
# Remove upstream Systemd service files
|
||||
rm -r %{buildroot}%{_datadir}/%{pkg_name}/systemd
|
||||
# Our downstream Systemd service file have set aliases to the "mysql" names in the [Install] section.
|
||||
# They can be enabled / disabled by "systemctl enable / diable <service_name>"
|
||||
rm %{buildroot}%{_unitdir}/{mysql,mysqld}.service
|
||||
|
||||
# install systemd unit files and scripts for handling server startup
|
||||
install -D -p -m 644 %{_vpath_builddir}/scripts/mysql.service %{buildroot}%{_unitdir}/%{daemon_name}.service
|
||||
install -D -p -m 644 %{_vpath_builddir}/scripts/mysql@.service %{buildroot}%{_unitdir}/%{daemon_name}@.service
|
||||
|
||||
# Install downstream version of tmpfiles
|
||||
install -D -p -m 0644 %{_vpath_builddir}/scripts/mysql.tmpfiles.d %{buildroot}%{_tmpfilesdir}/%{name}.conf
|
||||
%if 0%{?mysqld_pid_dir:1}
|
||||
echo "d %{pidfiledir} 0755 mysql mysql -" >>%{buildroot}%{_tmpfilesdir}/%{name}.conf
|
||||
%endif
|
||||
|
||||
# helper scripts for service starting
|
||||
install -p -m 755 %{_vpath_builddir}/scripts/mysql-prepare-db-dir %{buildroot}%{_libexecdir}/mysql-prepare-db-dir
|
||||
install -p -m 755 %{_vpath_builddir}/scripts/mysql-check-socket %{buildroot}%{_libexecdir}/mysql-check-socket
|
||||
install -p -m 755 %{_vpath_builddir}/scripts/mysql-check-upgrade %{buildroot}%{_libexecdir}/mysql-check-upgrade
|
||||
install -p -m 644 %{_vpath_builddir}/scripts/mysql-scripts-common %{buildroot}%{_libexecdir}/mysql-scripts-common
|
||||
|
||||
# Install downstream version of tmpfiles
|
||||
install -D -p -m 0644 %{_vpath_builddir}/scripts/mysql.tmpfiles.d %{buildroot}%{_tmpfilesdir}/%{name}.conf
|
||||
%if 0%{?mysqld_pid_dir:1}
|
||||
echo "d %{pidfiledir} 0755 mysql mysql -" >>%{buildroot}%{_tmpfilesdir}/%{name}.conf
|
||||
%endif
|
||||
|
||||
# install aditional galera selinux policy
|
||||
%if %{with galera}
|
||||
install -p -m 644 -D selinux/%{name}-server-galera.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/%{name}-server-galera.pp
|
||||
@ -1048,12 +1065,6 @@ install -p -m 0644 %{SOURCE7} %{basename:%{SOURCE7}}
|
||||
install -p -m 0644 %{SOURCE16} %{basename:%{SOURCE16}}
|
||||
install -p -m 0644 %{SOURCE71} %{basename:%{SOURCE71}}
|
||||
|
||||
# Delete upstreams service files
|
||||
# We don't use this location of service files
|
||||
rm %{buildroot}%{_datadir}/%{pkg_name}/systemd/{mysql,mysqld}.service
|
||||
# These may come handy in a future, but right now we use our own services
|
||||
rm %{buildroot}/usr/lib/systemd/system/{mysql,mysqld}.service
|
||||
|
||||
# install galera config file
|
||||
%if %{with galera}
|
||||
sed -i -r 's|^wsrep_provider=none|wsrep_provider=%{_libdir}/galera/libgalera_smm.so|' %{_vpath_builddir}/support-files/wsrep.cnf
|
||||
@ -1391,7 +1402,6 @@ fi
|
||||
%{_bindir}/clustercheck
|
||||
%{_bindir}/galera_new_cluster
|
||||
%{_bindir}/galera_recovery
|
||||
%{_datadir}/%{pkg_name}/systemd/use_galera_new_cluster.conf
|
||||
%config(noreplace) %{_sysconfdir}/my.cnf.d/galera.cnf
|
||||
%attr(0640,root,root) %ghost %config(noreplace) %{_sysconfdir}/sysconfig/clustercheck
|
||||
%{_datadir}/selinux/packages/%{name}/%{name}-server-galera.pp
|
||||
@ -1439,10 +1449,7 @@ fi
|
||||
|
||||
%dir %{_libdir}/%{pkg_name}
|
||||
%dir %{_libdir}/%{pkg_name}/plugin
|
||||
# Change from root:root to mysql:mysql, so it can be accessed by the server
|
||||
%attr(0755,mysql,mysql) %dir %{_libdir}/%{pkg_name}/plugin/auth_pam_tool_dir
|
||||
%{_libdir}/security/pam_user_map.so
|
||||
%{_sysconfdir}/security/user_map.conf
|
||||
|
||||
%{_libdir}/%{pkg_name}/plugin/*
|
||||
%{?with_oqgraph:%exclude %{_libdir}/%{pkg_name}/plugin/ha_oqgraph.so}
|
||||
%{?with_connect:%exclude %{_libdir}/%{pkg_name}/plugin/ha_connect.so}
|
||||
@ -1457,6 +1464,11 @@ fi
|
||||
%exclude %{_libdir}/%{pkg_name}/plugin/mysql_clear_password.so
|
||||
%endif
|
||||
|
||||
# PAM plugin; moved to a standalone sub-package
|
||||
%exclude %{_libdir}/%{pkg_name}/plugin/{auth_pam_v1.so,auth_pam.so}
|
||||
%exclude %dir %{_libdir}/%{pkg_name}/plugin/auth_pam_tool_dir
|
||||
%exclude %{_libdir}/%{pkg_name}/plugin/auth_pam_tool_dir/auth_pam_tool
|
||||
|
||||
%{_mandir}/man1/aria_{chk,dump_log,ftdump,pack,read_log}.1*
|
||||
%{_mandir}/man1/galera_new_cluster.1*
|
||||
%{_mandir}/man1/galera_recovery.1*
|
||||
@ -1511,11 +1523,6 @@ fi
|
||||
%{_datadir}/%{pkg_name}/policy/selinux/README
|
||||
%{_datadir}/%{pkg_name}/policy/selinux/mariadb-server.*
|
||||
%{_datadir}/%{pkg_name}/policy/selinux/mariadb.*
|
||||
%{_datadir}/%{pkg_name}/systemd/mariadb.service
|
||||
# mariadb@ is installed only when we have cmake newer than 3.3
|
||||
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||
%{_datadir}/%{pkg_name}/systemd/mariadb@.service
|
||||
%endif
|
||||
|
||||
%{_unitdir}/%{daemon_name}*
|
||||
%{?with_tokudb:%exclude %{_unitdir}/mariadb.service.d/tokudb.conf}
|
||||
@ -1578,6 +1585,16 @@ fi
|
||||
%config(noreplace) %{_sysconfdir}/my.cnf.d/auth_gssapi.cnf
|
||||
%endif
|
||||
|
||||
%if %{with pam}
|
||||
%files pam
|
||||
%{_libdir}/%{pkg_name}/plugin/{auth_pam_v1.so,auth_pam.so}
|
||||
%attr(0755,root,root) %dir %{_libdir}/%{pkg_name}/plugin/auth_pam_tool_dir
|
||||
# SUID-to-root binary. Access MUST be restricted (https://jira.mariadb.org/browse/MDEV-25126)
|
||||
%attr(4750,root,mysql) %{_libdir}/%{pkg_name}/plugin/auth_pam_tool_dir/auth_pam_tool
|
||||
%{_libdir}/security/pam_user_map.so
|
||||
%{_sysconfdir}/security/user_map.conf
|
||||
%endif
|
||||
|
||||
%if %{with sphinx}
|
||||
%files sphinx-engine
|
||||
%{_libdir}/%{pkg_name}/plugin/ha_sphinx.so
|
||||
@ -1663,6 +1680,19 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Mar 30 2021 Jonathan Wakely <jwakely@redhat.com> - 3:10.5.9-5
|
||||
- Rebuilt for removed libstdc++ symbol (#1937698)
|
||||
|
||||
* Thu Mar 18 2021 Michal Schorm <mschorm@redhat.com> - 10.5.9-4
|
||||
- Move PAM plugin to standalone subpackage
|
||||
|
||||
* Thu Mar 18 2021 Michal Schorm <mschorm@redhat.com> - 10.5.9-3
|
||||
- Fixed permissions on files from PAMv2 plugin
|
||||
|
||||
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 3:10.5.9-2
|
||||
- Rebuilt for updated systemd-rpm-macros
|
||||
See https://pagure.io/fesco/issue/2583.
|
||||
|
||||
* Wed Feb 24 2021 Michal Schorm <mschorm@redhat.com> - 10.5.9-1
|
||||
- Rebase to 10.5.9
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user