From 7c7c8b37e07ecaa3b86e0a2742368823cc2e1862 Mon Sep 17 00:00:00 2001 From: Honza Horak Date: Sun, 27 Jan 2019 10:47:35 +0000 Subject: [PATCH] Use RPATH for mysqld, so we can later set capabilities Set capabilities for mysqld the correct way --- community-mysql-rpath.patch | 18 ++++++++++++++++++ community-mysql.spec | 17 ++++++++++------- 2 files changed, 28 insertions(+), 7 deletions(-) create mode 100644 community-mysql-rpath.patch diff --git a/community-mysql-rpath.patch b/community-mysql-rpath.patch new file mode 100644 index 0000000..00cafa6 --- /dev/null +++ b/community-mysql-rpath.patch @@ -0,0 +1,18 @@ +MySQL 8.0 includes a feature that requires we set linux NICE capabilities to +mysqld daemon. Because of that, LD_LIBRARY_PATH does not work (see +secure-execution mode in http://man7.org/linux/man-pages/man8/ld.so.8.html). + +Related: #1628814 + +diff -up mysql-8.0.12/sql/CMakeLists.txt.patchrpath mysql-8.0.12/sql/CMakeLists.txt +--- mysql-8.0.12/sql/CMakeLists.txt.patchrpath 2018-09-14 13:59:02.884021458 +0200 ++++ mysql-8.0.12/sql/CMakeLists.txt 2018-09-14 14:01:10.897983621 +0200 +@@ -711,6 +711,8 @@ ENDIF() + MYSQL_ADD_EXECUTABLE(mysqld + ${MYSQLD_SOURCE} DESTINATION ${INSTALL_SBINDIR} COMPONENT Server) + ++SET_TARGET_PROPERTIES(mysqld PROPERTIES INSTALL_RPATH "${RPATH_LIBDIR}") ++ + OPTION(DEBUG_EXTNAME "Build server as mysqld-debug (debug builds only)" OFF) + MARK_AS_ADVANCED(DEBUG_EXTNAME) + diff --git a/community-mysql.spec b/community-mysql.spec index 75bb849..1771ae0 100644 --- a/community-mysql.spec +++ b/community-mysql.spec @@ -83,7 +83,7 @@ Name: community-mysql Version: 8.0.14 -Release: 1%{?with_debug:.debug}%{?dist} +Release: 2%{?with_debug:.debug}%{?dist} Summary: MySQL client programs and shared libraries URL: http://www.mysql.com @@ -124,6 +124,7 @@ Patch51: %{pkgnamepatch}-chain-certs.patch Patch52: %{pkgnamepatch}-sharedir.patch Patch53: %{pkgnamepatch}-router.patch Patch54: %{pkgnamepatch}-gcc9.patch +Patch55: %{pkgnamepatch}-rpath.patch Patch75: %{pkgnamepatch}-arm32-timer.patch # Patches taken from boost 1.59 @@ -376,6 +377,7 @@ the MySQL sources. %patch52 -p1 %patch53 -p1 %patch54 -p1 +%patch55 -p1 %patch75 -p1 # Patch Boost @@ -509,6 +511,7 @@ cmake .. \ -DINSTALL_INFODIR=share/info \ -DINSTALL_LIBEXECDIR=libexec \ -DINSTALL_LIBDIR="%{_lib}/mysql" \ + -DRPATH_LIBDIR="%{_libdir}" \ -DINSTALL_MANDIR=share/man \ -DINSTALL_MYSQLSHAREDIR=share/%{pkg_name} \ -DINSTALL_MYSQLTESTDIR=share/mysql-test \ @@ -725,11 +728,6 @@ if [ ! -e "%{logfile}" -a ! -h "%{logfile}" ] ; then install /dev/null -m0640 -omysql -gmysql "%{logfile}" fi -# Enable the SYS_NICE capablilities; #1540946 -if [ -e "/usr/sbin/setcap" ] ; then - setcap cap_sys_nice+ep /usr/libexec/mysqld -fi - %preun server %if %{with init_systemd} %systemd_preun %{daemon_name}.service @@ -853,7 +851,8 @@ fi %config(noreplace) %{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf %{_sbindir}/mysqld -%{_libexecdir}/mysqld +# sys_nice capability required for rhbz#1628814 +%caps(cap_sys_nice=ep) %{_libexecdir}/mysqld %{_libdir}/mysql/INFO_SRC %{_libdir}/mysql/INFO_BIN @@ -934,6 +933,10 @@ fi %endif %changelog +* Sun Jan 27 2019 Honza Horak - 8.0.14-2 +- Use RPATH for mysqld, so we can later set capabilities +- Set capabilities for mysqld the correct way + * Mon Jan 21 2019 Lars Tangvald - 8.0.14-1 - Update to MySQL 8.0.14 - Remove fedora version condition that are no longer relevant