Use RPATH for mysqld, so we can later set capabilities
Set capabilities for mysqld the correct way
This commit is contained in:
parent
4f98e7a1d3
commit
fb5621d327
18
community-mysql-rpath.patch
Normal file
18
community-mysql-rpath.patch
Normal file
@ -0,0 +1,18 @@
|
||||
MySQL 8.0 includes a feature that requires we set linux NICE capabilities to
|
||||
mysqld daemon. Because of that, LD_LIBRARY_PATH does not work (see
|
||||
secure-execution mode in http://man7.org/linux/man-pages/man8/ld.so.8.html).
|
||||
|
||||
Related: #1628814
|
||||
|
||||
diff -up mysql-8.0.12/sql/CMakeLists.txt.patchrpath mysql-8.0.12/sql/CMakeLists.txt
|
||||
--- mysql-8.0.12/sql/CMakeLists.txt.patchrpath 2018-09-14 13:59:02.884021458 +0200
|
||||
+++ mysql-8.0.12/sql/CMakeLists.txt 2018-09-14 14:01:10.897983621 +0200
|
||||
@@ -711,6 +711,8 @@ ENDIF()
|
||||
MYSQL_ADD_EXECUTABLE(mysqld
|
||||
${MYSQLD_SOURCE} DESTINATION ${INSTALL_SBINDIR} COMPONENT Server)
|
||||
|
||||
+SET_TARGET_PROPERTIES(mysqld PROPERTIES INSTALL_RPATH "${RPATH_LIBDIR}")
|
||||
+
|
||||
OPTION(DEBUG_EXTNAME "Build server as mysqld-debug (debug builds only)" OFF)
|
||||
MARK_AS_ADVANCED(DEBUG_EXTNAME)
|
||||
|
@ -83,7 +83,7 @@
|
||||
|
||||
Name: community-mysql
|
||||
Version: 8.0.14
|
||||
Release: 1%{?with_debug:.debug}%{?dist}
|
||||
Release: 2%{?with_debug:.debug}%{?dist}
|
||||
Summary: MySQL client programs and shared libraries
|
||||
URL: http://www.mysql.com
|
||||
|
||||
@ -124,6 +124,7 @@ Patch51: %{pkgnamepatch}-chain-certs.patch
|
||||
Patch52: %{pkgnamepatch}-sharedir.patch
|
||||
Patch53: %{pkgnamepatch}-router.patch
|
||||
Patch54: %{pkgnamepatch}-gcc9.patch
|
||||
Patch55: %{pkgnamepatch}-rpath.patch
|
||||
Patch75: %{pkgnamepatch}-arm32-timer.patch
|
||||
|
||||
# Patches taken from boost 1.59
|
||||
@ -376,6 +377,7 @@ the MySQL sources.
|
||||
%patch52 -p1
|
||||
%patch53 -p1
|
||||
%patch54 -p1
|
||||
%patch55 -p1
|
||||
%patch75 -p1
|
||||
|
||||
# Patch Boost
|
||||
@ -509,6 +511,7 @@ cmake .. \
|
||||
-DINSTALL_INFODIR=share/info \
|
||||
-DINSTALL_LIBEXECDIR=libexec \
|
||||
-DINSTALL_LIBDIR="%{_lib}/mysql" \
|
||||
-DRPATH_LIBDIR="%{_libdir}" \
|
||||
-DINSTALL_MANDIR=share/man \
|
||||
-DINSTALL_MYSQLSHAREDIR=share/%{pkg_name} \
|
||||
-DINSTALL_MYSQLTESTDIR=share/mysql-test \
|
||||
@ -725,11 +728,6 @@ if [ ! -e "%{logfile}" -a ! -h "%{logfile}" ] ; then
|
||||
install /dev/null -m0640 -omysql -gmysql "%{logfile}"
|
||||
fi
|
||||
|
||||
# Enable the SYS_NICE capablilities; #1540946
|
||||
if [ -e "/usr/sbin/setcap" ] ; then
|
||||
setcap cap_sys_nice+ep /usr/libexec/mysqld
|
||||
fi
|
||||
|
||||
%preun server
|
||||
%if %{with init_systemd}
|
||||
%systemd_preun %{daemon_name}.service
|
||||
@ -853,7 +851,8 @@ fi
|
||||
%config(noreplace) %{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf
|
||||
|
||||
%{_sbindir}/mysqld
|
||||
%{_libexecdir}/mysqld
|
||||
# sys_nice capability required for rhbz#1628814
|
||||
%caps(cap_sys_nice=ep) %{_libexecdir}/mysqld
|
||||
|
||||
%{_libdir}/mysql/INFO_SRC
|
||||
%{_libdir}/mysql/INFO_BIN
|
||||
@ -934,6 +933,10 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Sun Jan 27 2019 Honza Horak <hhorak@redhat.com> - 8.0.14-2
|
||||
- Use RPATH for mysqld, so we can later set capabilities
|
||||
- Set capabilities for mysqld the correct way
|
||||
|
||||
* Mon Jan 21 2019 Lars Tangvald <lars.tangvald@oracle.com> - 8.0.14-1
|
||||
- Update to MySQL 8.0.14
|
||||
- Remove fedora version condition that are no longer relevant
|
||||
|
Loading…
Reference in New Issue
Block a user