Use RPATH for mysqld, so we can later set capabilities

Set capabilities for mysqld the correct way
This commit is contained in:
Honza Horak 2019-01-27 10:47:35 +00:00 committed by Michal Schorm
parent 4f98e7a1d3
commit fb5621d327
2 changed files with 28 additions and 7 deletions

View File

@ -0,0 +1,18 @@
MySQL 8.0 includes a feature that requires we set linux NICE capabilities to
mysqld daemon. Because of that, LD_LIBRARY_PATH does not work (see
secure-execution mode in http://man7.org/linux/man-pages/man8/ld.so.8.html).
Related: #1628814
diff -up mysql-8.0.12/sql/CMakeLists.txt.patchrpath mysql-8.0.12/sql/CMakeLists.txt
--- mysql-8.0.12/sql/CMakeLists.txt.patchrpath 2018-09-14 13:59:02.884021458 +0200
+++ mysql-8.0.12/sql/CMakeLists.txt 2018-09-14 14:01:10.897983621 +0200
@@ -711,6 +711,8 @@ ENDIF()
MYSQL_ADD_EXECUTABLE(mysqld
${MYSQLD_SOURCE} DESTINATION ${INSTALL_SBINDIR} COMPONENT Server)
+SET_TARGET_PROPERTIES(mysqld PROPERTIES INSTALL_RPATH "${RPATH_LIBDIR}")
+
OPTION(DEBUG_EXTNAME "Build server as mysqld-debug (debug builds only)" OFF)
MARK_AS_ADVANCED(DEBUG_EXTNAME)

View File

@ -83,7 +83,7 @@
Name: community-mysql
Version: 8.0.14
Release: 1%{?with_debug:.debug}%{?dist}
Release: 2%{?with_debug:.debug}%{?dist}
Summary: MySQL client programs and shared libraries
URL: http://www.mysql.com
@ -124,6 +124,7 @@ Patch51: %{pkgnamepatch}-chain-certs.patch
Patch52: %{pkgnamepatch}-sharedir.patch
Patch53: %{pkgnamepatch}-router.patch
Patch54: %{pkgnamepatch}-gcc9.patch
Patch55: %{pkgnamepatch}-rpath.patch
Patch75: %{pkgnamepatch}-arm32-timer.patch
# Patches taken from boost 1.59
@ -376,6 +377,7 @@ the MySQL sources.
%patch52 -p1
%patch53 -p1
%patch54 -p1
%patch55 -p1
%patch75 -p1
# Patch Boost
@ -509,6 +511,7 @@ cmake .. \
-DINSTALL_INFODIR=share/info \
-DINSTALL_LIBEXECDIR=libexec \
-DINSTALL_LIBDIR="%{_lib}/mysql" \
-DRPATH_LIBDIR="%{_libdir}" \
-DINSTALL_MANDIR=share/man \
-DINSTALL_MYSQLSHAREDIR=share/%{pkg_name} \
-DINSTALL_MYSQLTESTDIR=share/mysql-test \
@ -725,11 +728,6 @@ if [ ! -e "%{logfile}" -a ! -h "%{logfile}" ] ; then
install /dev/null -m0640 -omysql -gmysql "%{logfile}"
fi
# Enable the SYS_NICE capablilities; #1540946
if [ -e "/usr/sbin/setcap" ] ; then
setcap cap_sys_nice+ep /usr/libexec/mysqld
fi
%preun server
%if %{with init_systemd}
%systemd_preun %{daemon_name}.service
@ -853,7 +851,8 @@ fi
%config(noreplace) %{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf
%{_sbindir}/mysqld
%{_libexecdir}/mysqld
# sys_nice capability required for rhbz#1628814
%caps(cap_sys_nice=ep) %{_libexecdir}/mysqld
%{_libdir}/mysql/INFO_SRC
%{_libdir}/mysql/INFO_BIN
@ -934,6 +933,10 @@ fi
%endif
%changelog
* Sun Jan 27 2019 Honza Horak <hhorak@redhat.com> - 8.0.14-2
- Use RPATH for mysqld, so we can later set capabilities
- Set capabilities for mysqld the correct way
* Mon Jan 21 2019 Lars Tangvald <lars.tangvald@oracle.com> - 8.0.14-1
- Update to MySQL 8.0.14
- Remove fedora version condition that are no longer relevant