diff --git a/mariadb-logrotate.patch b/mariadb-logrotate.patch index 9be0c99..a495c07 100644 --- a/mariadb-logrotate.patch +++ b/mariadb-logrotate.patch @@ -59,7 +59,7 @@ Update 3/2017 - endscript -} +# Then, un-comment the following lines to enable rotation of mysql's log file: -+#@LOG_LOCATION@/mysqld.log { ++#@LOG_LOCATION@ { +# create 600 mysql mysql +# notifempty +# daily diff --git a/mariadb.rpmlintrc b/mariadb.rpmlintrc new file mode 100644 index 0000000..74911d2 --- /dev/null +++ b/mariadb.rpmlintrc @@ -0,0 +1,31 @@ +# THIS FILE SERVES FOR WHITELISTING RPMLINT ERRORS AND WARNINGS IN TASKOTRON +# https://fedoraproject.org/wiki/Taskotron/Tasks/dist.rpmlint#Whitelisting_errors + +# (same file in python3 package served as a great example) + + + +# Spelling errors +addFilter(r'spelling-error .* en_US (cnf|mysqld|benchmarking|pam|passwordless|subpackage) ') + +# Debugsource +addFilter(r'^mariadb.*debugsource\.[^:]+: (E|W): no-documentation') + +# Debuginfo +addFilter(r'^mariadb.*debuginfo\.[^:]+: (E|W): useless-provides debuginfo\(build-id\)') + +# Testsuite +# Some expected tests results are zero-length files +addFilter(r'(zero-length|pem-certificate) /usr/share/mysql-test/*') + +# Chroot function +# False positive; checked by upstream +addFilter(r'missing-call-to-chdir-with-chroot') + +# Missing documentation +# I don't think that's on the upstream priority list +addFilter(r'no-documentation') + +# Obsoleted not provided +# Obsoleting upstream packages, not providing them is expected to not mix them up +addFilter(r'obsolete-not-provided MySQL') diff --git a/mariadb.spec b/mariadb.spec index 1829335..582d485 100644 --- a/mariadb.spec +++ b/mariadb.spec @@ -16,9 +16,15 @@ # Turn that off to ensure such files don't get included in RPMs (cf bz#884755). %global _default_patch_flags --no-backup-if-mismatch + + # TokuDB engine # https://mariadb.com/kb/en/mariadb/tokudb/ # TokuDB engine is available only for x86_64 +# * There's a problem currently with jemalloc, which tokudb use. +# TokuDB does not yet support new Jemalloc 5, but on F>=28, there's only Jemalloc 5. Not a supported configuration. +# * Disabling build of TokuDB with Jemalloc 5 since it doesn't work. https://jira.percona.com/browse/PS-4393 +# Also build of TokuDB without Jemalloc is not supported. # Mroonga engine # https://mariadb.com/kb/en/mariadb/about-mroonga/ # Actual version in MariaDB, 5.04, only supports the x86_64 @@ -26,8 +32,12 @@ # RocksDB engine # https://mariadb.com/kb/en/library/myrocks-supported-platforms/ # RocksB engine is available only for x86_64 -%ifarch x86_64 +%if %_arch == x86_64 && 0%{?fedora} +%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 +%bcond_with tokudb +%else %bcond_without tokudb +%endif %bcond_without mroonga %bcond_without rocksdb %else @@ -41,12 +51,16 @@ %bcond_without oqgraph # Other plugins -# Allow to override the values outside of spec -# https://github.com/rpm-software-management/rpm/blob/34c2ba3c/macros.in#L100-L141 -%{!?_with_cracklib: %{!?_without_cracklib: %bcond_without cracklib}} -%{!?_with_gssapi: %{!?_without_gssapi: %bcond_without gssapi}} -%{!?_with_connect: %{!?_without_sphinx: %bcond_without connect}} -%{!?_with_sphinx: %{!?_without_sphinx: %bcond_without sphinx}} +%if 0%{?fedora} +%bcond_without cracklib +%bcond_without connect +%bcond_without sphinx +%else +%bcond_with cracklib +%bcond_with connect +%bcond_with sphinx +%endif +%bcond_without gssapi # For some use cases we do not need some parts of the package. Set to "...with" to exclude %if 0%{?fedora} >= 28 || 0%{?rhel} > 7 @@ -72,14 +86,19 @@ # For deep debugging we need to build binaries with extra debug info %bcond_with debug +# Page compression algorithms for InnoDB & XtraDB +# lz4 currently cannot be turned off by CMake, only by not having lz4-devel package in the buildroot +# https://jira.mariadb.org/browse/MDEV-15932 +%bcond_without lz4 + # MariaDB 10.0 and later requires pcre >= 8.35, otherwise we need to use # the bundled library, since the package cannot be build with older version %if 0%{?fedora} || 0%{?rhel} > 7 -%bcond_without bundled_pcre +%bcond_without unbundled_pcre %else -%bcond_with bundled_pcre +%bcond_with unbundled_pcre %global pcre_bundled_version 8.41 %endif @@ -112,8 +131,13 @@ %global obsoleted_mariadb_galera_server_evr 1:10.0.17-6 # Provide mysql names for compatibility +%if 0%{?fedora} %bcond_without mysql_names %bcond_without conflicts +%else +%bcond_with mysql_names +%bcond_with conflicts +%endif # Make long macros shorter %global sameevr %{epoch}:%{version}-%{release} @@ -171,11 +195,14 @@ Patch37: %{pkgnamepatch}-notestdb.patch Patch40: %{pkgnamepatch}-galera.cnf.patch BuildRequires: cmake gcc-c++ -BuildRequires: zlib-devel BuildRequires: multilib-rpm-config BuildRequires: selinux-policy-devel BuildRequires: systemd systemd-devel +# Page compression algorithms for InnoDB & XtraDB +BuildRequires: zlib-devel +%{?with_lz4:BuildRequires: lz4-devel} + # TokuDB and some core stuff BuildRequires: jemalloc-devel @@ -193,8 +220,8 @@ BuildRequires: bison bison-devel # auth_pam.so plugin will be build if pam-devel is installed BuildRequires: pam-devel # use either new enough version of pcre or provide bundles(pcre) -%{?with_bundled_pcre:BuildRequires: pcre-devel >= 8.35 pkgconf} -%{!?with_bundled_pcre:Provides: bundled(pcre) = %{pcre_bundled_version}} +%{?with_unbundled_pcre:BuildRequires: pcre-devel >= 8.35 pkgconf} +%{!?with_unbundled_pcre:Provides: bundled(pcre) = %{pcre_bundled_version}} # Few utilities needs Perl %if 0%{?fedora} || 0%{?rhel} > 7 BuildRequires: perl-interpreter @@ -378,10 +405,10 @@ Requires: %{name}-common%{?_isa} = %{sameevr} Requires: %{name}-errmsg%{?_isa} = %{sameevr} Recommends: %{name}-server-utils%{?_isa} = %{sameevr} Recommends: %{name}-backup%{?_isa} = %{sameevr} -Recommends: %{name}-craclkib-password-check%{?_isa} = %{sameevr} -Recommends: %{name}-gssapi-server%{?_isa} = %{sameevr} -Recommends: %{name}-rocksdb-engine%{?_isa} = %{sameevr} -Recommends: %{name}-tokudb-engine%{?_isa} = %{sameevr} +%{?with_cracklib:Recommends: %{name}-cracklib-password-check%{?_isa} = %{sameevr}} +%{?with_gssapi:Recommends: %{name}-gssapi-server%{?_isa} = %{sameevr}} +%{?with_rocksdb:Recommends: %{name}-rocksdb-engine%{?_isa} = %{sameevr}} +%{?with_tokudb:Recommends: %{name}-tokudb-engine%{?_isa} = %{sameevr}} Suggests: mytop @@ -478,6 +505,7 @@ The RocksDB storage engine is used for high performance servers on SSD drives. %package tokudb-engine Summary: The TokuDB storage engine for MariaDB Requires: %{name}-server%{?_isa} = %{sameevr} +Requires: jemalloc %description tokudb-engine The TokuDB storage engine from Percona. @@ -709,7 +737,7 @@ sed 's/mariadb-server-galera/%{name}-server-galera/' %{SOURCE72} > selinux/%{nam pcre_maj=`grep '^m4_define(pcre_major' pcre/configure.ac | sed -r 's/^m4_define\(pcre_major, \[([0-9]+)\]\)/\1/'` pcre_min=`grep '^m4_define(pcre_minor' pcre/configure.ac | sed -r 's/^m4_define\(pcre_minor, \[([0-9]+)\]\)/\1/'` -%if %{without bundled_pcre} +%if %{without unbundled_pcre} # Check if the PCRE version in macro 'pcre_bundled_version', used in Provides: bundled(...), is the same version as upstream actually bundles if [ %{pcre_bundled_version} != "$pcre_maj.$pcre_min" ] then @@ -806,7 +834,9 @@ export CFLAGS CXXFLAGS -DCONC_WITH_SSL=%{?with_clibrary:ON}%{!?with_clibrary:NO} \ -DWITH_SSL=system \ -DWITH_ZLIB=system \ - -DWITH_JEMALLOC=no \ + -DWITH_JEMALLOC=yes \ + -DLZ4_LIBS=%{_libdir}/liblz4.so \ + -DWITH_INNODB_LZ4=%{?with_lz4:ON}%{!?with_lz4:OFF} \ -DPLUGIN_MROONGA=%{?with_mroonga:DYNAMIC}%{!?with_mroonga:NO} \ -DPLUGIN_OQGRAPH=%{?with_oqgraph:DYNAMIC}%{!?with_oqgraph:NO} \ -DPLUGIN_CRACKLIB_PASSWORD_CHECK=%{?with_cracklib:DYNAMIC}%{!?with_cracklib:NO} \ @@ -819,12 +849,12 @@ export CFLAGS CXXFLAGS %{?with_debug: -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=OFF -DWITH_INNODB_EXTRA_DEBUG=ON -DWITH_VALGRIND=ON} # Print all Cmake options values +# cmake -LAH for List Advanced Help cmake -L make %{?_smp_mflags} VERBOSE=1 - # build selinux policy %if %{with galera} pushd selinux @@ -843,7 +873,8 @@ ln -s mysql_config.1.gz %{buildroot}%{_mandir}/man1/mariadb_config.1.gz # multilib support for shell scripts # we only apply this to known Red Hat multilib arches, per bug #181335 -if %multilib_capable; then +if [ %multilib_capable ] +then mv %{buildroot}%{_bindir}/mysql_config %{buildroot}%{_bindir}/mysql_config-%{__isa_bits} install -p -m 0755 scripts/mysql_config_multilib %{buildroot}%{_bindir}/mysql_config # Copy manual page for multilib mysql_config; https://jira.mariadb.org/browse/MDEV-11961 @@ -1033,6 +1064,12 @@ mysqldump,mysqlimport,mysqlshow,mysqlslap}.1* # because upstream ships manpages for tokudb even on architectures that tokudb doesn't support rm %{buildroot}%{_mandir}/man1/tokuftdump.1* rm %{buildroot}%{_mandir}/man1/tokuft_logdump.1* +%else +%if 0%{?fedora} >= 28 || 0%{?rhel} > 7 +echo 'Environment="LD_PRELOAD=%{_libdir}/libjemalloc.so.2"' >> %{buildroot}%{_sysconfdir}/systemd/system/mariadb.service.d/tokudb.conf +%endif +# Move to better location, systemd config files has to be in /lib/ +mv %{buildroot}%{_sysconfdir}/systemd/system/mariadb.service.d %{buildroot}/usr/lib/systemd/system/ %endif %if %{without config} @@ -1107,15 +1144,26 @@ export MTR_BUILD_THREAD=%{__isa_bits} set -ex cd mysql-test - perl ./mysql-test-run.pl --force --retry=0 --ssl \ - --suite-timeout=720 --testcase-timeout=30 \ + perl ./mysql-test-run.pl --force --retry=1 --ssl \ + --suite-timeout=900 --testcase-timeout=30 \ --mysqld=--binlog-format=mixed --force-restart \ --shutdown-timeout=60 --max-test-fail=0 --big-test \ + --skip-test=spider \ %if %{ignore_testsuite_result} || : %else --skip-test-list=unstable-tests %endif + +# Second run for the SPIDER suites that fail with SCA (ssl self signed certificate) + perl ./mysql-test-run.pl --force --retry=1 \ + --suite-timeout=900 --testcase-timeout=30 \ + --mysqld=--binlog-format=mixed --force-restart \ + --shutdown-timeout=60 --max-test-fail=0 --big-test \ + --skip-ssl --suite=spider,spider/bg \ +%if %{ignore_testsuite_result} + || : +%endif ) %endif # if dry run @@ -1429,6 +1477,7 @@ fi %{_mandir}/man1/tokuft_logdump.1* %config(noreplace) %{_sysconfdir}/my.cnf.d/tokudb.cnf %{_libdir}/%{pkg_name}/plugin/ha_tokudb.so +/usr/lib/systemd/system/mariadb.service.d/tokudb.conf %endif %if %{with gssapi} @@ -1526,6 +1575,17 @@ fi %endif %changelog +* Wed May 23 2018 Michal Schorm - 3:10.2.15-1 +- Rebase to 10.2.15 +- CVEs fixed: #1568962 + CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781 + CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 + CVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810 + +* Thu Mar 29 2018 Michal Schorm - 3:10.2.14-1 +- Rebase to 10.2.14 +- Update testsuite run for SSL self signed certificates + * Tue Mar 6 2018 Michal Schorm - 3:10.2.13-2 - Further fix of ldconfig scriptlets for F27 - Fix hardcoded paths, move unversioned libraries and symlinks to the devel subpackage diff --git a/mysql.service.in b/mysql.service.in index bb5b8c2..6f84dd3 100644 --- a/mysql.service.in +++ b/mysql.service.in @@ -26,8 +26,15 @@ [Unit] Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server +Documentation=man:mysqld(8) +Documentation=https://mariadb.com/kb/en/library/systemd/ After=network.target +[Install] +WantedBy=multi-user.target +Alias=mysql.service +Alias=mysqld.service + [Service] Type=notify User=mysql @@ -64,8 +71,3 @@ TimeoutSec=300 # Place temp files in a secure directory, not /tmp PrivateTmp=true - -[Install] -WantedBy=multi-user.target -Alias=mysql.service -Alias=mysqld.service diff --git a/mysql@.service.in b/mysql@.service.in index 34e645f..b36ce6d 100644 --- a/mysql@.service.in +++ b/mysql@.service.in @@ -33,8 +33,15 @@ [Unit] Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server +Documentation=man:mysqld(8) +Documentation=https://mariadb.com/kb/en/library/systemd/ After=network.target +[Install] +WantedBy=multi-user.target +Alias=mysql.service +Alias=mysqld.service + [Service] Type=notify User=mysql @@ -70,8 +77,3 @@ TimeoutSec=300 # Place temp files in a secure directory, not /tmp PrivateTmp=true - -[Install] -WantedBy=multi-user.target -Alias=mysql.service -Alias=mysqld.service diff --git a/rh-skipped-tests-arm.list b/rh-skipped-tests-arm.list index 8b13789..6ec9031 100644 --- a/rh-skipped-tests-arm.list +++ b/rh-skipped-tests-arm.list @@ -1 +1,2 @@ - +# Fails since 10.2.15 +encryption.innodb-encryption-alter : diff --git a/rh-skipped-tests-base.list b/rh-skipped-tests-base.list index 5859a1d..3afa05d 100644 --- a/rh-skipped-tests-base.list +++ b/rh-skipped-tests-base.list @@ -2,20 +2,20 @@ # https://jira.mariadb.org/browse/MDEV-8404?focusedCommentId=84275&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-84275 main.ssl_7937 : #1399847 main.ssl_crl_clients : #1399847 +main.ssl_cert_verify : # main.non_blocking_api : #1399847 perfschema.nesting : #1399847 perfschema.socket_summary_by_instance_func : #1399847 +perfschema.socket_summary_by_event_name_func : # needs this tests disabled for mode build plugins.feedback_plugin_load : # plugins.show_all_plugins : warnings in log # ------------------------------ -# Failing from rebase to 10.1.24 -# issues trackers will be added - +# Tests that fails because of 'Self Signed Certificate in the Certificate Chain' perfschema.cnf_option : rpl.rpl_row_img_blobs : @@ -24,40 +24,11 @@ rpl.rpl_row_img_eng_noblob : sys_vars.slave_parallel_threads_basic : -# Fails since 10.1.12 +# ------------------------------ +# Fails since 10.1.12; only x86_64 innodb.innodb_defrag_binlog : -# Fails on PPC, PPC64 and AArch -parts.partition_alter4_innodb : #1399847 - -# https://jira.mariadb.org/browse/MDEV-14003 -spider/bg.spider3_fixes_part : -spider/bg.spider_fixes : -spider/bg.spider_fixes_part : -spider/bg.basic_sql : -spider/bg.basic_sql_part : -spider/bg.direct_aggregate_part : -spider/bg.direct_update : -spider/bg.direct_update_part : -spider/bg.function : -spider/bg.ha : -spider/bg.ha_part : -spider/bg.vp_fixes : -spider.spider3_fixes : -spider.spider3_fixes_part : -spider.spider_fixes : -spider.spider_fixes_part : -spider.basic_sql_part : -spider.direct_aggregate : -spider.direct_aggregate_part : -spider.direct_update : -spider.direct_update_part : -spider.function : -spider.ha : -spider.ha_part : -spider.vp_fixes : - -# 10.2.12 and 10.2.13 after some unidentified change in Rawhide buildroot +# on x86_64 after 10.2.12 and 10.2.13 after some unidentified change in Rawhide buildroot mroonga/storage.index_multiple_column_range_all_used_less_than : mroonga/storage.index_multiple_column_range_all_used_less_than_or_equal : mroonga/storage.index_multiple_column_range_partially_used_have_prefix_less_than : @@ -67,3 +38,21 @@ mroonga/storage.index_multiple_column_range_partially_used_no_prefix_less_than_o mroonga/storage.optimization_order_limit_optimized_datetime_less_than : mroonga/storage.optimization_order_limit_optimized_datetime_less_than_or_equal : +# Fails everywhere since 10.2.15 +main.non_blocking_api : +main.userstat : + +# Fails on x86_64 since 10.2.15 +rocksdb.2pc_group_commit : +rocksdb.read_only_tx : +rocksdb.shutdown : +rocksdb.index_merge_rocksdb2 : +rocksdb.index_merge_rocksdb : + +# Fails on ppc and arm since 10.2.15 +binlog.binlog_flush_binlogs_delete_domain : +innodb.innodb_buffer_pool_resize_with_chunks : +innodb.innodb_buffer_pool_resize : +innodb_gis.rtree_compress : +innodb_gis.rtree_compress2 : +parts.partition_alter4_innodb : diff --git a/rh-skipped-tests-ppc.list b/rh-skipped-tests-ppc.list index a62648c..38a0948 100644 --- a/rh-skipped-tests-ppc.list +++ b/rh-skipped-tests-ppc.list @@ -1,33 +1,12 @@ -# Fails since 10.1.12 only on PPC64 -innodb_fts.fulltext : -# Fails since 10.1.12 only on PPC64 and PPC64le; timeout after 1800 seconds -innodb.innodb_defrag_concurrent : -parts.partition_alter1_2_innodb : - # 10.2.12 & 10.2.13 after some uninedtified Rawhide (and the forked f28) buildroot change # failed: 1045: Access denied for user '.....'@'localhost' (using password: YES) +binlog_encryption.encrypted_master : binlog_encryption.encrypted_slave : -rpl.rpl_create_drop_user : -rpl.rpl_do_grant : -rpl.rpl_temporary : -main.connect : -main.events_bugs : -main.mysql_client_test : -main.mysql_upgrade-6984 : -innodb.innodb_defragment : -innodb.innodb_defrag_stats : -main.mysql_upgrade : -innodb.temporary_table_optimization : -main.plugin_auth : + funcs_1.innodb_trig_03 : funcs_1.innodb_trig_03e : funcs_1.innodb_trig_0407 : funcs_1.innodb_trig_08 : -innodb.innodb_bug34053 : -main.select_pkeycache : -main.mysql_client_test_comp : -main.plugin_auth_qa_1 : -sys_vars.secure_auth_func : funcs_1.memory_trig_03 : funcs_1.memory_trig_03e : funcs_1.memory_trig_0407 : @@ -38,24 +17,51 @@ funcs_1.myisam_trig_0407 : funcs_1.myisam_trig_08 : funcs_1.processlist_priv_no_prot : funcs_1.processlist_val_no_prot : -main.change_user : + +innodb.innodb_bug34053 : +innodb.temporary_table_optimization : +innodb_zip.cmp_per_index : + +main.connect : +main.derived_cond_pushdown : +main.events_bugs : main.grant : main.grant2 : +main.change_user : main.lowercase_fs_off : +main.mysql_client_test : +main.mysql_client_test_comp : +main.mysql_client_test_nonblock : +main.mysql_upgrade : +main.mysql_upgrade-6984 : +main.plugin_auth : +main.plugin_auth_qa_1 : +main.ps : main.ps_grant : -main.select : -main.select_jcl6 : +main.select_pkeycache : main.set_password_plugin-9835 : main.show_grants_with_plugin-7985 : -main.sp-security : main.sp_notembedded : -main.type_float : +main.sp-security : main.type_newdecimal : main.type_ranges : main.userstat-badlogin-4824 : main.view_grant : + +parts.partition_alter1_1_innodb : +parts.partition_alter1_2_innodb : +parts.part_supported_sql_func_innodb : + plugins.auth_ed25519 : + roles.grant_role_auto_create_user : + +rpl.rpl_create_drop_user : +rpl.rpl_do_grant : +rpl.rpl_temporary : + sys_vars.old_passwords_func : +sys_vars.secure_auth_func : + unit.conc_connection : unit.ed25519 : diff --git a/rh-skipped-tests-s390.list b/rh-skipped-tests-s390.list index e69de29..e0a897b 100644 --- a/rh-skipped-tests-s390.list +++ b/rh-skipped-tests-s390.list @@ -0,0 +1,2 @@ +# Fails since 10.2.15 +disks.disks :