Commit Graph

85 Commits

Author SHA1 Message Date
Michal Schorm
98b3dc5706 ExcludeArch: %{ix86} 2024-01-27 03:06:27 +00:00
Michal Schorm
347c8546b3 MariaDB ship systemd socket files since 10.6
https://mariadb.com/kb/en/systemd/#systemd-socket-activation

In case of RHEL, ship them in %_datadir, instead of the %_unitdir,
so users can still try them out, but it is not a default configuration.
2024-01-26 12:00:30 +01:00
Michal Schorm
0488616973 Remove temporary files created by the testsuite execution 2024-01-20 08:52:18 +01:00
Michal Schorm
531f5a4b5c Remove manual pages already shipped by mariadb-connector-c package 2024-01-20 08:52:15 +01:00
Michal Schorm
bb5a21941d Update skipped-tests-list for 10.11.6 release 2024-01-19 10:48:04 +01:00
Michal Schorm
73fa57764d [2/2] FMT - Use pre-downloaded bundle of FMT sources 2024-01-19 10:47:54 +01:00
Michal Schorm
4767b335b9 [1/2] FMT - FMT isn't available in RHEL 2024-01-19 10:47:48 +01:00
Michal Schorm
a7fe5a55b4 [2/2] Rebase to 10.11.6 - start using upstream logrotate file
Explanation for removed notes follow:

| * Enable creation of the log file by logrotate (needed since
|   /var/log/ isn't writable by mysql user); and set the same 640
|   permissions we normally use.

This is an ancient artefact.
It originates in this commit from 2012 in the 'mysql' package in Fedora:
  https://src.fedoraproject.org/rpms/mysql/c/d3bdaa4a?branch=rawhide
That was at the time, when the DB log resided directly in '/var/log/', rather than '/var/log/some-dir-specific-for-the-DB/'.
Since that is no longer the case, the 'create 600 mysql mysql' directive is no longer necessary.

| * Comment out the actual rotation commands, so that user must edit
|   the file to enable rotation.  This is unfortunate, but the fact
|   that the script will probably fail without manual configuration
|   (to set a root password) means that we can't really have it turned
|   on by default.  Fortunately, in most configurations the log file
|   is low-volume and so rotation is not critical functionality.

This is no longer true.
Since MariaDB 10.4, which introduced authentication via the UNIX socket,
the 'root' and 'mysql' users can authenticate without login and password.

So we can go back to using 'mysqladmin', or 'mariadb-admin' in this case, to flush logs

| See discussions at RH bugs 799735, 547007
| * Note they are from Fedora 15 / 16

I found no more useful information there. Only information already mentioned in other notes here.

| Update 3/2017
| * it would be big unexpected change for anyone upgrading, if we start shipping it now.
|  Maybe it is good candidate for shipping with MariaDB 10.2 ?

Introduction of MariaDB 10.11 is the perfect time.

| * the 'mysqladmin flush logs' doesn´t guarantee, no entries are lost
|   during flushing, the operation is not atomic.
|   We should not ship it in that state

True, however, no one likely cares about that, in reality, since those logs don't hold any journal-like entries.
Explained here:
  https://github.com/MariaDB/server/pull/1556#issuecomment-941886220

| Update 6/2018
| * the SIGHUP causes server to flush all logs. No password admin needed, the only constraint is
|   beeing able to send the SIGHUP to the process and read the mysqld pid file, which root can.
| * Submited as PR: https://github.com/MariaDB/server/pull/807

It has been dicussed on the upstream thoroughly and was found far from ideal.
Now, that we can use 'mysqladmin', or 'mariadb-admin' in this case, safely again,
there's no argument to keep using the PID file for flushing logs.

| Update 02/2021
| * Enhance the script as proposed in:
|   https://mariadb.com/kb/en/rotating-logs-on-unix-and-linux/

Enhanced again now. Significantly this time, however with a vision that the values will become an OS-independent defaults.

|  * Discussion continues in:
|   https://jira.mariadb.org/browse/MDEV-16621

Discussion finished.
Better start a new one, if needed.
2024-01-19 10:47:40 +01:00
Michal Schorm
23a3fc32d2 [1/2] Rebase to 10.11.6 - rebase 2024-01-19 10:47:34 +01:00
Michal Schorm
fe5fae2099 Rebase to 10.10.7 2024-01-19 10:47:28 +01:00
Michal Schorm
1ac20c08a1 Rebase to 10.9.8 2024-01-19 10:47:22 +01:00
Michal Schorm
0188079713 Rebase to 10.8.8 2024-01-19 10:47:16 +01:00
Michal Schorm
938a87d440 Rebase to 10.7.8 2024-01-19 10:47:09 +01:00
Michal Schorm
4169d7ae10 [2/3] Rebase to 10.6.16
Revert "Introduce the script for generating sources tarball without a code under a license which was not yet approved for Fedora or RHEL"
This reverts commit 7f8a0e15a6.

Note: MariaDB upstream removed TokuDB SE sources in 10.6.0
2024-01-19 10:46:55 +01:00
Michal Schorm
73961d1e18 [1/3] Rebase to 10.6.16
new sources are intentionally omitted from this commit
2024-01-19 10:46:48 +01:00
Lukas Javorsky
ddac4730a6 Testsuite verification for 10.5.22 version on CentOS Stream 9
Related: RHEL-8411
2023-10-03 17:02:49 +00:00
Michal Schorm
0ddb1d9e5f WORKAROUND: disable LTO on i686 arch to mitigate Internal Compiler Error
Issue described here: https://bugzilla.redhat.com/show_bug.cgi?id=2239498
TODO: Remove when the issue is resolved

Related: RHEL-8411
2023-10-03 17:02:44 +00:00
Michal Schorm
609df3be4b [1/2] Rebase to version 10.5.22
Fedora commit: a0c21fd5cf

Upstream Release notes:
https://mariadb.com/kb/en/mariadb-10-5-22-release-notes/

Related: RHEL-8411
2023-10-03 17:02:38 +00:00
Michal Schorm
cbd4c2cc5e Rebase to 10.5.21
Fedora commit: e04eb650af

Related: RHEL-8411
2023-10-03 17:02:32 +00:00
Michal Schorm
ab429c18f7 Testsuite verification for 10.5.20 version
Fedora commit: a6a41d44d0

- skipped test lists format fixed
- code for applying skipped tests list added to the SPIDER suites

Related: RHEL-8411
2023-10-03 17:02:22 +00:00
Michal Schorm
d482569925 Save SPIDER tests data on disk, rather than to memory
Fedora commit: be7c99651a

I've encountered this strange behaviour, staring with MariaDB 10.5.20.
The SPIDER tests, and only them, started to fail in 100% cases on all arches
with wide range of "no space left on device" like errors.

This is interesting, as simmilar issues occured before
only on specific arches or build systems.

I've thought that maybe the full suite, which run before the spider tests,
have left over some data in the memory which would leave less space for the
spider tests.
However swapping order - running the spider test first and the full suite
later didn't help anyhow. The spider tests failed rightaway.

Also, it's interesting that running just the main suite in memory is possible.
This observation should rule out changes in the build system (lowering the
memory limits for builders), as I'd expect that the main suite woould have much
bigger memory need than the spider tests.

--

This leads to a possibility that there is actually a bug in the spider engine
or tests, which cause the unexpected larger memory consumption.
This should be examined further. Sadly I don't have capacity for it now.

Related: RHEL-8411
2023-10-03 17:02:15 +00:00
Lukas Javorsky
540f0ecc10 Pcre2 bundled version bump and changed GitHub project name
Fedora commit: 40d8f32182

Pcre2 version bumped to 10.42.
Also pcre2 github project name has been changed to PCRE2Project.

Related: RHEL-8411
2023-10-03 17:02:09 +00:00
Siddhesh Poyarekar
24273b0d27 Use _fortify_level to disable fortification in debug builds
Fedora commit: cb41bf05f1

Related: RHEL-8411
2023-10-03 17:02:00 +00:00
Lukas Javorsky
187ddfbf01 Rebase to version 10.5.20
Fedora commit: b6ec88a877

Resolves: RHEL-11334
2023-10-03 17:01:50 +00:00
Michal Schorm
56442079e2 Rebase to 10.5.18
Fedora commit: 9f12d914a4

OpenSSL 3 patch upstreamed

Resolves: RHEL-11332 RHEL-8411
2023-10-03 17:00:46 +00:00
Michal Schorm
227dbf53a5 Release bump for rebuild
--

Related: #2092370
2022-06-13 13:46:20 +02:00
Michal Schorm
bcee682dc0 Update the version number of the bundled PCRE2
The PCRE2 version used by upstream in the 'MariaDB 10.5.16' release is '10.40'

--

Related: #2092370
2022-06-08 04:04:00 +02:00
Michal Schorm
8060bcc4f7 Pack newly introduced translations
--

Related: #2092370
2022-06-08 04:04:00 +02:00
Michal Schorm
f60b8593e8 Rebase to 10.5.16
--

Related: #2092370

Issues Fixed in MariaDB 10.5.14
Reolves: #2090192
2022-06-08 04:03:40 +02:00
Michal Schorm
0ce0cd11ac Remove the second source path definition from the CMake command
The '%cmake' RPM macro in Fedora actually expands to:
| ...
|   /usr/bin/cmake \
|         -S "." \
|         -B "redhat-linux-build" \
| ...

So in this case the source patch was specified twice.
First in the macro with the '-S' option and second time outside of the macro,
in the SPECfile, without the '-S' option.

CMake upstream declares that:
|  This has never been officially documented or supported,
|  but older versions accidentally accepted multiple source paths
|  and used the last path specified. Update scripts to avoid
|  passing multiple source path arguments.
https://cmake.org/cmake/help/v3.23/release/3.23.html#deprecated-and-removed-features

This was discovered as CMake upstream implemented a change to the 3.23.0-rc2 release
that changed this behavior and it broke many Fedora packages that used this
double source path definition.
  See rhbz#2057738 to see how build behaved

After the CMake upstream got aware of what problems it caused in Fedora,
they opened a merge request to restore the behavior to the old one,
but kept the warnings that that is an unsupported and problematic behavior:
  https://gitlab.kitware.com/cmake/cmake/-/issues/23334

---

As for today, this issue is still not yet fully resolved.
- The CMake maintainers in Fedora haven't rebased the package to 3.23-1 release, so it is still broken
- Affected packages in Fedora should find a way to stop using this unsupported behavior
- The double '-S' argument passing should be marked as problematic too, in the exact same way
  https://gitlab.kitware.com/cmake/cmake/-/issues/23334#note_1159258
- A change to the %cmake Fedora RPM macro might be in play, so it won't force a source path
  https://gitlab.kitware.com/cmake/cmake/-/issues/23334#note_1159258

I opened a BZ #2079833 to track the progress of the solution by CMake maintainers

--

Related: #2092370
2022-06-08 04:03:40 +02:00
Michal Schorm
7ac4ffbb5d Patch for pkgconfig directory has been upstreamed
The upstream implementation is to NOT make it configurable, but to put it on the correct location instead:
  c5c1027c6e

--

Related: #2092370
2022-06-08 04:03:40 +02:00
Michal Schorm
ae9053f42a Another fixup for: 0d4a89ed9 "Fix md5 in FIPS mode with OpenSSL 3.0.0"
The condition has to be fixed, as the OpenSSL 3 was introduced into the Fedora 36, instead of Fedora 35
  https://fedoraproject.org/wiki/Changes/OpenSSL3.0

--

Related: #2092370
2022-06-08 04:03:40 +02:00
Michal Schorm
6fd5319b66 Fixup for: 0d4a89ed9 "Fix md5 in FIPS mode with OpenSSL 3.0.0"
The 'mariadb-fips.patch' patch has to be applied conditionally. It will FTBFS on releases without OpenSSL 3.

---

/builddir/build/BUILD/mariadb-10.5.15-downstream_modified/mysys_ssl/my_md5.cc: In function 'void md5_init(EVP_MD_CTX*)':
/builddir/build/BUILD/mariadb-10.5.15-downstream_modified/mysys_ssl/my_md5.cc:56:9: error: 'EVP_MD_fetch' was not declared in this scope; did you mean 'EVP_MD_flags'?
   56 |   md5 = EVP_MD_fetch(NULL, "MD5", "fips=no");
      |         ^~~~~~~~~~~~
      |         EVP_MD_flags
/builddir/build/BUILD/mariadb-10.5.15-downstream_modified/mysys_ssl/my_md5.cc:63:3: error: 'EVP_MD_free' was not declared in this scope; did you mean 'EVP_MD_type'?
   63 |   EVP_MD_free(md5);
      |   ^~~~~~~~~~~
      |   EVP_MD_type
gmake[2]: *** [mysys_ssl/CMakeFiles/mysys_ssl.dir/build.make:149: mysys_ssl/CMakeFiles/mysys_ssl.dir/my_md5.cc.o] Error 1

--

Related: #2092370
2022-06-08 04:03:40 +02:00
Michal Schorm
1d2bedfc2e Remove bits only relevant for EOL Fedora 32 and older
--

Related: #2092370
2022-06-08 04:03:40 +02:00
Michal Schorm
923d57f454 Rebase to 10.5.15
Logrotate patch rebased onto upstream commit:
  008c02c987

Groonga patch upstreamed:
  045f5f7b10

OpenSSL 3 patch rebased onto upstream commit:
  be1d965384

OpenSSL 3 CMake condition reverted - it should be only applied to series without OpenSSL 3 patch:
  c9beef4315

Full testsuite success on a Fedora Rawhide scratch build,
setting "last_tested_version" to 10.5.15 so only the "main" test suite will be run on subsequent
builds of the same MariaDB release

--

Related: #2092370

Issues Fixed in MariaDB 10.5.14
Reolves: #2083371 #2068219

Issues Fixed in MariaDB 10.5.15
Resolves: #2055607
2022-06-08 04:01:52 +02:00
Michal Schorm
321dc0e0d4 Fix the RPM condition for when the client subpackage is not built
--

Related: #2092370
2022-06-08 04:00:38 +02:00
Michal Schorm
29211e8620 Fix the RPM condition for when the test subpackage is not built but the PAM plugin subpackage is
--

Related: #2092370
2022-06-08 04:00:35 +02:00
Michal Schorm
0b02fefc9b Fix the RPM condition for when the test subpackage is not built but the embedded server subpackage is
--

Related: #2092370
2022-06-08 04:00:32 +02:00
Michal Schorm
1695bd1409 Fix the RPM condition for when the galera subpackage is not built
--

Related: #2092370
2022-06-08 04:00:22 +02:00
Michal Schorm
1c5ecdf5bd Fix the RPM condition for when the PAM plugin subpackage is not built
--

Related: #2092370
2022-06-08 04:00:17 +02:00
Michal Schorm
4698a110e3 Fix whitespaces in the echo, so both variables are prefixed with exactly one whitespace
--

Related: #2092370
2022-06-08 04:00:12 +02:00
Michal Schorm
0354b9890a Fix the regular expression used to pick up the PCRE2 version the upstream bundles
Upstream changed the URL from which they download the PCRE2 tarball

--

Related: #2092370
2022-06-08 04:00:04 +02:00
Honza Horak
02a712fe8d Fix md5 in FIPS mode with OpenSSL 3.0.0
OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer.
In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while
in 3.0.0+ it is a different EVP_MD provider.

  Resolves: #2050541
2022-02-09 15:37:33 +00:00
Michal Schorm
5e82fd62a4 Disable the upstream hardening - it overrides the default compilation flags of the distribution, but provides lower level of hardening than the default flags
This issue was originally discovered by Annocheck stack-protection test in RHEL 9
Resolves: #2044388

The -DSECURITY_HARDENED is used to force a set of compilation flags for hardening
The issue is that the MariaDB upstream level of hardening is lower than expected by Red Hat
We disable this option to the default compilation flags (which have higher level of hardening) will be used
2022-02-07 14:17:10 +01:00
Michal Schorm
ce17bc05c4 Rebase to 10.5.13
- Full testsuite checked

Resolves: #1976230 #2036983 #2021189
2022-01-11 15:38:59 +01:00
Michal Schorm
23822d7ce3 Enable LTO
Resolves: #1986172
2022-01-11 09:05:56 +01:00
Michal Schorm
a76a3c657b Reword lines applying OpenSSL patch to match Fedora SPECfile
Keeping the SPECfiles close helps with cherry-picking changes

Related: #2036983
2022-01-11 09:05:36 +01:00
Honza Horak
295ecfc23a Use OpenSSL 3.0.0 patch from upstream
Resolves: #1991498

Upstream patch: c80991c79f
Upstream JIRA ticket: https://jira.mariadb.org/browse/MDEV-25785
2021-12-02 13:46:46 +01:00
Michal Schorm
5de93c78f5 Add wsrep_sst_rsync_tunnel script
Resolves: #2003556
2021-10-11 13:07:07 +02:00
Honza Horak
b23e21d635 Fix md5 usage in wsrep part
Related: #1962047
2021-08-17 16:02:15 +02:00