diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ec7f53e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/mariadb-10.5.13-downstream_modified.tar.gz diff --git a/.mariadb.metadata b/.mariadb.metadata new file mode 100644 index 0000000..4f2d986 --- /dev/null +++ b/.mariadb.metadata @@ -0,0 +1 @@ +ace36fe1a0ebba69b7cab359cb9a51c5b9fecbb4 SOURCES/mariadb-10.5.13-downstream_modified.tar.gz diff --git a/SOURCES/LICENSE.clustercheck b/SOURCES/LICENSE.clustercheck new file mode 100644 index 0000000..609015d --- /dev/null +++ b/SOURCES/LICENSE.clustercheck @@ -0,0 +1,27 @@ +Copyright (c) 2012-2014, Olaf van Zandwijk +All rights reserved. + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder nor the names of its contributors + may be used to endorse or promote products derived from this software without + specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR +ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/SOURCES/README.mariadb-docs b/SOURCES/README.mariadb-docs new file mode 100644 index 0000000..bff53eb --- /dev/null +++ b/SOURCES/README.mariadb-docs @@ -0,0 +1,9 @@ +MariaDB haven't yet made a document package available for offline. + +You can create your own copy with the instructions here: + +https://mariadb.com/kb/en/meta/mirroring-the-mariadb-knowledge-base/ + +You can find view the on-line documentation at: + +https://mariadb.com/kb/en/documentation/ diff --git a/SOURCES/README.wsrep_sst_rsync_tunnel b/SOURCES/README.wsrep_sst_rsync_tunnel new file mode 100644 index 0000000..0222b34 --- /dev/null +++ b/SOURCES/README.wsrep_sst_rsync_tunnel @@ -0,0 +1,132 @@ +socat tunnel for encrypted rsync SST +==================================== + +`wsrep_sst_rsync_tunnel` is an extension of the rsync-based [SST](http://galeracluster.com/documentation-webpages/glossary.html#term-state-snapshot-transfer) +implementation that ships with mariadb. Its purpose is to encrypt +communication between the donor and the joiner during an SST. + +Encryption is implemented by means of a socat tunnel, using OPENSSL +addresses. It can be configured via the regular openssl flags exposed +by socat. + + +## How to configure the script + +This SST script can configured by setting a few keys in your favorite +mariadb option file in addition to the usual galera settings. + + [mysqld] + ... + bind_address= + wsrep_sst_method=rsync_tunnel + ... + + [sst] + tca=/path/to/your/ca-file.crt + tcert=/path/to/node/certificate.crt + tkey=/path/to/node/key.key + sockopt= + +When a joiner node requests an SST, `wsrep_sst_rsync_tunnel` uses +socat to listen to incoming SSL connections on port 4444 in lieu of +the original rsync daemon. Received data will be forwarded to the +rscynd daemon started locally to replicate the database. + +When a donor node serves the SST, `wsrep_sst_rsync_tunnel` makes +a series of rsync calls that target a locally started socat daemon. +The daemon tunnels all rsync traffic into an encrypted SSL connection +that targets the joiner's end of the socat tunnel. + +Encryption parameters are specified under the `[sst]` group in the +mariadb option file, where `tkey` and `tcert` are respectively the key +and the certificate that are used by both sides of the socat tunnel. +Each node typically has a different key and cert. Both key and +certificate can be combined into a single PEM file and referenced by +`tcert`. Option `tca` holds a list of the trusted signing +certificates. + +In case you need to tweak the creation of the SSL connection, you can +pass valid socat options (as per socat manual) via the `sockopt` key. +For debugging purpose, the exact socat command that is being executed +shows up in the mariadb log file. + +Note that socat verifies that the certificate's commonName matches +that of the host that is being targeted. The target name comes from +the value configured in `bind_address`, so it's important that it +matches the certificate's commonName. An IP address can be used for +`bind_address`, but you may get into trouble in case different +hostnames resolve to the same IP (e.g. multiple networks per host). + + +## Examples of use + +Suppose you're running a 3-node galera cluster +`node1.my.cluster`, `node2.my.cluster`, `node3.my.cluster`. + +### Scenario: using self-signed certificates + +On each node, create a key and a certificate, and bundle them into a +single PEM file. For instance on `node1.my.cluster`: + + openssl genrsa -out /tls/mysql-$(hostname -f).key 2048 + openssl req -new -key /tls/mysql-$(hostname -f).key -x509 -days 365000 -subj "/CN=$(hostname -f)" -out /tls/mysql-$(hostname -f).crt -batch + cat /tls/mysql-$(hostname -f).key /tls/mysql-$(hostname -f).crt > /tls/mysql.pem + +Then, on each node, create a cafile that will contain all the certs to +trust: + + for n in node1.my.cluster node2.my.cluster node3.my.cluster; do + ssh $n 'cat /tls/mysql-$(hostname -f).crt' >> /tls/all-mysql.crt + done + +Once you have those two files on each host, you can configure the SST +appropriately. For instance from `/etc/my.cnf.d/galera.cnf`: + + [mysqld] + ... + + [sst] + tca=/tls/all-mysql.crt + tcert=/tls/mysql.pem + +### Scenario: using self-signed certificates, without verification + +By default, when socat tries to establish a SSL connection to a peer, +it also verifies that it can trust the peer's certificate. If for some +reason you need to disable that feature, you can amend the previous +configuration with a sockopt option: + + [mysqld] + ... + + [sst] + tca=/tls/all-mysql.crt + tcert=/tls/mysql.pem + sockopt="verify=0" + +The associated sockopt value is passed to socat when +the donor or the joiner configures his part of the tunnel. + +Note: please do not do so in production, this is inherently insecure +as you will not verify the identity of the peer you're connecting to! + +### Scenario: using certificates from a CA + +Suppose you have a FreeIPA service which generated a key file and a +certificate file for the three galera nodes, respectively located at +/tls/mysql.key and /tls/mysql.crt. + +Assuming that the certificate for the FreeIPA server is available at +/etc/ipa/ca.crt, you can configure you galera servers as follows: + + [sst] + tca=/etc/ipa/ca.crt + tcert=/tls/mysql.crt + tkey=/tls/mysql.key + +## License + +Copyright © 2017 [Damien Ciabrini](https://github.com/dciabrin). +This work is derived from the original `wsrep_rsync_sst`, copyright +© 2010-2014 [Codership Oy](https://github.com/codership). +Released under the GNU GPLv2. diff --git a/SOURCES/clustercheck.sh b/SOURCES/clustercheck.sh new file mode 100644 index 0000000..782dbb6 --- /dev/null +++ b/SOURCES/clustercheck.sh @@ -0,0 +1,89 @@ +#!/bin/bash +# +# Script to make a proxy (ie HAProxy) capable of monitoring Galera cluster nodes properly +# +# Author: Olaf van Zandwijk +# Author: Raghavendra Prabhu +# Author: Ryan O'Hara +# +# Documentation and download: https://github.com/olafz/percona-clustercheck +# +# Based on the original script from Unai Rodriguez +# + +if [ -f @INSTALL_SYSCONFDIR@/sysconfig/clustercheck ]; then + . @INSTALL_SYSCONFDIR@/sysconfig/clustercheck +fi + +MYSQL_USERNAME="${MYSQL_USERNAME-clustercheckuser}" +MYSQL_PASSWORD="${MYSQL_PASSWORD-clustercheckpassword!}" +MYSQL_HOST="${MYSQL_HOST:-127.0.0.1}" +MYSQL_PORT="${MYSQL_PORT:-3306}" +ERR_FILE="${ERR_FILE:-/dev/null}" +AVAILABLE_WHEN_DONOR=${AVAILABLE_WHEN_DONOR:-0} +AVAILABLE_WHEN_READONLY=${AVAILABLE_WHEN_READONLY:-1} +DEFAULTS_EXTRA_FILE=${DEFAULTS_EXTRA_FILE:-@INSTALL_SYSCONFDIR@/my.cnf} + +#Timeout exists for instances where mysqld may be hung +TIMEOUT=10 + +if [[ -r $DEFAULTS_EXTRA_FILE ]];then + MYSQL_CMDLINE="mysql --defaults-extra-file=$DEFAULTS_EXTRA_FILE -nNE \ + --connect-timeout=$TIMEOUT \ + --user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} \ + --host=${MYSQL_HOST} --port=${MYSQL_PORT}" +else + MYSQL_CMDLINE="mysql -nNE --connect-timeout=$TIMEOUT \ + --user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} \ + --host=${MYSQL_HOST} --port=${MYSQL_PORT}" +fi +# +# Perform the query to check the wsrep_local_state +# +WSREP_STATUS=$($MYSQL_CMDLINE -e "SHOW STATUS LIKE 'wsrep_local_state';" \ + 2>${ERR_FILE} | tail -1 2>>${ERR_FILE}) + +if [[ "${WSREP_STATUS}" == "4" ]] || [[ "${WSREP_STATUS}" == "2" && ${AVAILABLE_WHEN_DONOR} == 1 ]] +then + # Check only when set to 0 to avoid latency in response. + if [[ $AVAILABLE_WHEN_READONLY -eq 0 ]];then + READ_ONLY=$($MYSQL_CMDLINE -e "SHOW GLOBAL VARIABLES LIKE 'read_only';" \ + 2>${ERR_FILE} | tail -1 2>>${ERR_FILE}) + + if [[ "${READ_ONLY}" == "ON" ]];then + # Galera cluster node local state is 'Synced', but it is in + # read-only mode. The variable AVAILABLE_WHEN_READONLY is set to 0. + # => return HTTP 503 + # Shell return-code is 1 + echo -en "HTTP/1.1 503 Service Unavailable\r\n" + echo -en "Content-Type: text/plain\r\n" + echo -en "Connection: close\r\n" + echo -en "Content-Length: 35\r\n" + echo -en "\r\n" + echo -en "Galera cluster node is read-only.\r\n" + sleep 0.1 + exit 1 + fi + fi + # Galera cluster node local state is 'Synced' => return HTTP 200 + # Shell return-code is 0 + echo -en "HTTP/1.1 200 OK\r\n" + echo -en "Content-Type: text/plain\r\n" + echo -en "Connection: close\r\n" + echo -en "Content-Length: 32\r\n" + echo -en "\r\n" + echo -en "Galera cluster node is synced.\r\n" + sleep 0.1 + exit 0 +else + # Galera cluster node local state is not 'Synced' => return HTTP 503 + # Shell return-code is 1 + echo -en "HTTP/1.1 503 Service Unavailable\r\n" + echo -en "Content-Type: text/plain\r\n" + echo -en "Connection: close\r\n" + echo -en "Content-Length: 36\r\n" + echo -en "\r\n" + echo -en "Galera cluster node is not synced.\r\n" + sleep 0.1 + exit 1 +fi diff --git a/SOURCES/mariadb-check-socket.sh b/SOURCES/mariadb-check-socket.sh new file mode 100644 index 0000000..51a7e43 --- /dev/null +++ b/SOURCES/mariadb-check-socket.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +# We check if there is already a process using the socket file, +# since otherwise the systemd service file could report false +# positive result when starting and mysqld_safe could remove +# a socket file, which is actually being used by a different daemon. + +source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common" + +if test -e "$socketfile" ; then + echo "Socket file $socketfile exists." >&2 + + # no write permissions + if ! test -w "$socketfile" ; then + echo "Not enough permission to write to the socket file $socketfile, which is suspicious." >&2 + echo "Please, remove $socketfile manually to start the service." >&2 + exit 1 + fi + + # not a socket file + if ! test -S "$socketfile" ; then + echo "The file $socketfile is not a socket file, which is suspicious." >&2 + echo "Please, remove $socketfile manually to start the service." >&2 + exit 1 + fi + + # some process uses the socket file + response=`@bindir@/mariadb-admin --no-defaults --socket="$socketfile" --user=UNKNOWN_MYSQL_USER --connect-timeout="${CHECKSOCKETTIMEOUT:-10}" ping 2>&1` + if [ $? -eq 0 ] || echo "$response" | grep -q "Access denied for user" ; then + echo "Is another MariaDB daemon already running with the same unix socket?" >&2 + echo "Please, stop the process using the socket $socketfile or remove the file manually to start the service." >&2 + exit 1 + fi + + # socket file is a garbage + echo "No process is using $socketfile, which means it is a garbage, so it will be removed automatically." >&2 +fi + +exit 0 diff --git a/SOURCES/mariadb-check-upgrade.sh b/SOURCES/mariadb-check-upgrade.sh new file mode 100644 index 0000000..fe95544 --- /dev/null +++ b/SOURCES/mariadb-check-upgrade.sh @@ -0,0 +1,39 @@ +#!/bin/sh + +source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common" + +upgrade_info_file="$datadir/mysql_upgrade_info" +version=0 +# get version as integer from mysql_upgrade_info file +if [ -f "$upgrade_info_file" ] && [ -r "$upgrade_info_file" ] ; then + version_major=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\1/') + version_minor=$(cat "$upgrade_info_file" | head -n 1 | sed -e 's/\([0-9]*\)\.\([0-9]*\)\..*$/\2/') + if [[ $version_major =~ ^[0-9]+$ ]] && [[ $version_minor =~ ^[0-9]+$ ]] ; then + version=$((version_major*100+version_minor)) + fi +fi + +# compute current version as integer +thisversion=$((@MAJOR_VERSION@*100+@MINOR_VERSION@)) + +# provide warning in cases we should run mysql_upgrade +if [ $version -ne $thisversion ] ; then + + # give extra warning if some version seems to be skipped + if [ $version -gt 0 ] && [ $version -lt 505 ] ; then + echo "The datadir located at $datadir seems to be older than of a version 5.5. Please, mind that as a general rule, to upgrade from one release series to another, go to the next series rather than skipping a series." >&2 + fi + + cat <&2 +The datadir located at $datadir needs to be upgraded using 'mariadb-upgrade' tool. This can be done using the following steps: + + 1. Back-up your data before with 'mariadb-upgrade' + 2. Start the database daemon using 'systemctl start @DAEMON_NAME@.service' + 3. Run 'mariadb-upgrade' with a database user that has sufficient privileges + +Read more about 'mariadb-upgrade' usage at: +https://mariadb.com/kb/en/mysql_upgrade/ +EOF +fi + +exit 0 diff --git a/SOURCES/mariadb-fips.patch b/SOURCES/mariadb-fips.patch new file mode 100644 index 0000000..443af6f --- /dev/null +++ b/SOURCES/mariadb-fips.patch @@ -0,0 +1,28 @@ +Fix md5 in FIPS mode + +OpenSSL 3.0.0+ does not support EVP_MD_CTX_FLAG_NON_FIPS_ALLOW any longer. +In OpenSSL 1.1.1 the non FIPS allowed flag is context specific, while +in 3.0.0+ it is a different EVP_MD provider. + +Resolves: rhbz#2050541 + +diff -up mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc.fips mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc +--- mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc.fips 2022-02-07 16:36:47.255131576 +0100 ++++ mariadb-10.5.13-downstream_modified/mysys_ssl/my_md5.cc 2022-02-07 22:57:32.391002916 +0100 +@@ -52,12 +52,15 @@ static void md5_result(EVP_MD_CTX *conte + + static void md5_init(EVP_MD_CTX *context) + { ++ EVP_MD *md5; ++ md5 = EVP_MD_fetch(NULL, "MD5", "fips=no"); + EVP_MD_CTX_init(context); + #ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW + /* Ok to ignore FIPS: MD5 is not used for crypto here */ + EVP_MD_CTX_set_flags(context, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + #endif +- EVP_DigestInit_ex(context, EVP_md5(), NULL); ++ EVP_DigestInit_ex(context, md5, NULL); ++ EVP_MD_free(md5); + } + + static void md5_input(EVP_MD_CTX *context, const uchar *buf, unsigned len) diff --git a/SOURCES/mariadb-groonga.patch b/SOURCES/mariadb-groonga.patch new file mode 100644 index 0000000..3a0e74c --- /dev/null +++ b/SOURCES/mariadb-groonga.patch @@ -0,0 +1,30 @@ +# Fixing conflict with groonga package +# https://bugzilla.redhat.com/show_bug.cgi?id=1763287 + +--- mariadb-10.3.18/storage/mroonga/vendor/groonga/CMakeLists.txt.withoutoption 2019-11-11 14:01:07.762595716 +0100 ++++ mariadb-10.3.18/storage/mroonga/vendor/groonga/CMakeLists.txt 2019-11-11 14:33:05.224012458 +0100 +@@ -86,7 +86,9 @@ + set(INCLUDE_DIR "include") + set(GRN_INCLUDE_DIR "include/groonga") + set(DATA_DIR "share") +-set(GRN_DATA_DIR "${DATA_DIR}/${GRN_PROJECT_NAME}") ++if(NOT DEFINED GRN_DATA_DIR) ++ set(GRN_DATA_DIR "${DATA_DIR}/${GRN_PROJECT_NAME}") ++endif() + set(CONFIG_DIR "etc") + set(GRN_CONFIG_DIR "${CONFIG_DIR}/${GRN_PROJECT_NAME}") + set(GRN_CONFIG_PATH "${CMAKE_INSTALL_PREFIX}/${GRN_CONFIG_DIR}/groonga.conf") + +--- mariadb-10.3.18/storage/mroonga/vendor/groonga/vendor/plugins/groonga-normalizer-mysql/CMakeLists.txt.withoutoption 2019-11-11 14:34:22.661005715 +0100 ++++ mariadb-10.3.18/storage/mroonga/vendor/groonga/vendor/plugins/groonga-normalizer-mysql/CMakeLists.txt 2019-11-11 14:35:59.962244120 +0100 +@@ -16,7 +16,9 @@ + # MA 02110-1335 USA + + cmake_minimum_required(VERSION 2.6) +-set(GROONGA_NORMALIZER_MYSQL_PROJECT_NAME "groonga-normalizer-mysql") ++if (NOT DEFINED GROONGA_NORMALIZER_MYSQL_PROJECT_NAME) ++ set(GROONGA_NORMALIZER_MYSQL_PROJECT_NAME "groonga-normalizer-mysql") ++endif() + project("${GROONGA_NORMALIZER_MYSQL_PROJECT_NAME}") + + if(DEFINED GROONGA_NORMALIZER_MYSQL_EMBED) diff --git a/SOURCES/mariadb-logrotate.patch b/SOURCES/mariadb-logrotate.patch new file mode 100644 index 0000000..aa46e59 --- /dev/null +++ b/SOURCES/mariadb-logrotate.patch @@ -0,0 +1,81 @@ +Adjust the mysql-log-rotate script in several ways: + +* Use the correct log file pathname for Red Hat installations. +* Enable creation of the log file by logrotate (needed since + /var/log/ isn't writable by mysql user); and set the same 640 + permissions we normally use. +* Comment out the actual rotation commands, so that user must edit + the file to enable rotation. This is unfortunate, but the fact + that the script will probably fail without manual configuration + (to set a root password) means that we can't really have it turned + on by default. Fortunately, in most configurations the log file + is low-volume and so rotation is not critical functionality. + +See discussions at RH bugs 799735, 547007 +* Note they are from Fedora 15 / 16 + +Update 3/2017 +* it would be big unexpected change for anyone upgrading, if we start shipping it now. + Maybe it is good candidate for shipping with MariaDB 10.2 ? +* the 'mysqladmin flush logs' doesn´t guarantee, no entries are lost + during flushing, the operation is not atomic. + We should not ship it in that state + +Update 6/2018 +* the SIGHUP causes server to flush all logs. No password admin needed, the only constraint is + beeing able to send the SIGHUP to the process and read the mysqld pid file, which root can. +* Submited as PR: https://github.com/MariaDB/server/pull/807 + +Update 02/2021 +* Enhance the script as proposed in: + https://mariadb.com/kb/en/rotating-logs-on-unix-and-linux/ +* Discussion continues in: + https://jira.mariadb.org/browse/MDEV-16621 + +--- mariadb-10.5.8/support-files/mysql-log-rotate.sh 2021-02-12 08:37:47.857289694 +0100 ++++ mariadb-10.5.8/support-files/mysql-log-rotate.sh_pacthed 2021-02-12 08:40:26.420372325 +0100 +@@ -3,35 +3,22 @@ + # in the [mysqld] section as follows: + # + # [mysqld] +-# log-error=@localstatedir@/mysqld.log +-# +-# If the root user has a password you have to create a +-# /root/.my.cnf configuration file with the following +-# content: +-# +-# [mysqladmin] +-# password = +-# user= root +-# +-# where "" is the password. +-# +-# ATTENTION: This /root/.my.cnf should be readable ONLY +-# for root ! ++# log-error=@LOG_LOCATION@ + +-@localstatedir@/mysqld.log { +- # create 600 mysql mysql ++@LOG_LOCATION@ { ++ create 600 mysql mysql + notifempty + daily + rotate 3 + missingok + compress ++ delaycompress ++ sharedscripts + postrotate + # just if mariadbd is really running +- if test -x @bindir@/mysqladmin && \ +- @bindir@/mysqladmin ping &>/dev/null +- then +- @bindir@/mysqladmin --local flush-error-log \ +- flush-engine-log flush-general-log flush-slow-log +- fi ++ if [ -e @PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid ] ++ then ++ kill -1 $(<@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid) ++ fi + endscript + } diff --git a/SOURCES/mariadb-openssl3.patch b/SOURCES/mariadb-openssl3.patch new file mode 100644 index 0000000..0b69969 --- /dev/null +++ b/SOURCES/mariadb-openssl3.patch @@ -0,0 +1,378 @@ +From c80991c79f701dac42c630af4bd39593b0c7efb4 Mon Sep 17 00:00:00 2001 +From: Vladislav Vaintroub +Date: Mon, 8 Nov 2021 18:48:19 +0100 +Subject: [PATCH] MDEV-25785 Add support for OpenSSL 3.0 + +Summary of changes + +- MD_CTX_SIZE is increased + +- EVP_CIPHER_CTX_buf_noconst(ctx) does not work anymore, points + to nobody knows where. The assumption made previously was that + (since the function does not seem to be documented) + was that it points to the last partial source block. + Add own partial block buffer for NOPAD encryption instead + +- SECLEVEL in CipherString in openssl.cnf + had been downgraded to 0, from 1, to make TLSv1.0 and TLSv1.1 possible + +- Workaround Ssl_cipher_list issue, it now returns TLSv1.3 ciphers, + in addition to what was set in --ssl-cipher + +- ctx_buf buffer now must be aligned to 16 bytes with openssl( + previously with WolfSSL only), ot crashes will happen + +- updated aes-t , to be better debuggable + using function, rather than a huge multiline macro + added test that does "nopad" encryption piece-wise, to test + replacement of EVP_CIPHER_CTX_buf_noconst +--- + cmake/ssl.cmake | 19 ++++- + include/ssl_compat.h | 3 +- + mysql-test/lib/openssl.cnf | 2 +- + mysql-test/main/ssl_cipher.result | 6 +- + mysql-test/main/ssl_cipher.test | 2 +- + mysys_ssl/my_crypt.cc | 46 +++++++----- + unittest/mysys/aes-t.c | 121 ++++++++++++++++++++++-------- + 7 files changed, 141 insertions(+), 58 deletions(-) + + +diff -up mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 mariadb-10.5.12-downstream_modified/cmake/ssl.cmake +--- mariadb-10.5.12-downstream_modified/cmake/ssl.cmake.patch16 2021-08-03 10:29:07.000000000 +0200 ++++ mariadb-10.5.12-downstream_modified/cmake/ssl.cmake 2021-11-18 16:58:41.552440737 +0100 +@@ -139,9 +139,20 @@ MACRO (MYSQL_CHECK_SSL) + SET(SSL_INTERNAL_INCLUDE_DIRS "") + SET(SSL_DEFINES "-DHAVE_OPENSSL") + ++ FOREACH(x INCLUDES LIBRARIES DEFINITIONS) ++ SET(SAVE_CMAKE_REQUIRED_${x} ${CMAKE_REQUIRED_${x}}) ++ ENDFOREACH() ++ ++ # Silence "deprecated in OpenSSL 3.0" ++ IF((NOT OPENSSL_VERSION) # 3.0 not determined by older cmake ++ OR NOT(OPENSSL_VERSION VERSION_LESS "3.0.0")) ++ SET(SSL_DEFINES "${SSL_DEFINES} -DOPENSSL_API_COMPAT=0x10100000L") ++ SET(CMAKE_REQUIRED_DEFINITIONS -DOPENSSL_API_COMPAT=0x10100000L) ++ ENDIF() ++ + SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) + SET(CMAKE_REQUIRED_LIBRARIES ${SSL_LIBRARIES}) +- SET(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) ++ + CHECK_SYMBOL_EXISTS(ERR_remove_thread_state "openssl/err.h" + HAVE_ERR_remove_thread_state) + CHECK_SYMBOL_EXISTS(EVP_aes_128_ctr "openssl/evp.h" +@@ -150,8 +161,10 @@ MACRO (MYSQL_CHECK_SSL) + HAVE_EncryptAes128Gcm) + CHECK_SYMBOL_EXISTS(X509_check_host "openssl/x509v3.h" + HAVE_X509_check_host) +- SET(CMAKE_REQUIRED_INCLUDES) +- SET(CMAKE_REQUIRED_LIBRARIES) ++ ++ FOREACH(x INCLUDES LIBRARIES DEFINITIONS) ++ SET(CMAKE_REQUIRED_${x} ${SAVE_CMAKE_REQUIRED_${x}}) ++ ENDFOREACH() + ELSE() + IF(WITH_SSL STREQUAL "system") + MESSAGE(FATAL_ERROR "Cannot find appropriate system libraries for SSL. Use WITH_SSL=bundled to enable SSL support") +diff -up mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 mariadb-10.5.12-downstream_modified/include/ssl_compat.h +--- mariadb-10.5.12-downstream_modified/include/ssl_compat.h.patch16 2021-08-03 10:29:07.000000000 +0200 ++++ mariadb-10.5.12-downstream_modified/include/ssl_compat.h 2021-11-18 16:58:41.552440737 +0100 +@@ -24,7 +24,7 @@ + #define SSL_LIBRARY OpenSSL_version(OPENSSL_VERSION) + #define ERR_remove_state(X) ERR_clear_error() + #define EVP_CIPHER_CTX_SIZE 176 +-#define EVP_MD_CTX_SIZE 48 ++#define EVP_MD_CTX_SIZE 72 + #undef EVP_MD_CTX_init + #define EVP_MD_CTX_init(X) do { memset((X), 0, EVP_MD_CTX_SIZE); EVP_MD_CTX_reset(X); } while(0) + #undef EVP_CIPHER_CTX_init +@@ -74,7 +74,6 @@ + #endif + + #define DH_set0_pqg(D,P,Q,G) ((D)->p= (P), (D)->g= (G)) +-#define EVP_CIPHER_CTX_buf_noconst(ctx) ((ctx)->buf) + #define EVP_CIPHER_CTX_encrypting(ctx) ((ctx)->encrypt) + #define EVP_CIPHER_CTX_SIZE sizeof(EVP_CIPHER_CTX) + +diff -up mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf +--- mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf.patch16 2021-08-03 10:29:07.000000000 +0200 ++++ mariadb-10.5.12-downstream_modified/mysql-test/lib/openssl.cnf 2021-11-18 16:58:41.552440737 +0100 +@@ -9,4 +9,4 @@ ssl_conf = ssl_section + system_default = system_default_section + + [system_default_section] +-CipherString = ALL:@SECLEVEL=1 ++CipherString = ALL:@SECLEVEL=0 +diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result +--- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result.patch16 2021-08-03 10:29:08.000000000 +0200 ++++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.result 2021-11-18 16:58:41.552440737 +0100 +@@ -61,8 +61,8 @@ connect ssl_con,localhost,root,,,,,SSL; + SHOW STATUS LIKE 'Ssl_cipher'; + Variable_name Value + Ssl_cipher AES128-SHA +-SHOW STATUS LIKE 'Ssl_cipher_list'; +-Variable_name Value +-Ssl_cipher_list AES128-SHA ++SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; ++VARIABLE_VALUE like '%AES128-SHA%' ++1 + disconnect ssl_con; + connection default; +diff -up mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test +--- mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test.patch16 2021-11-18 16:58:41.552440737 +0100 ++++ mariadb-10.5.12-downstream_modified/mysql-test/main/ssl_cipher.test 2021-11-18 17:00:47.753839711 +0100 +@@ -100,6 +100,6 @@ connect (ssl_con,localhost,root,,,,,SSL) + --replace_regex /TLS_AES_.*/AES128-SHA/ + SHOW STATUS LIKE 'Ssl_cipher'; + --replace_regex /TLS_AES_.*/AES128-SHA/ +-SHOW STATUS LIKE 'Ssl_cipher_list'; ++SELECT VARIABLE_VALUE like '%AES128-SHA%' FROM INFORMATION_SCHEMA.SESSION_STATUS WHERE VARIABLE_NAME='Ssl_cipher_list'; + disconnect ssl_con; + connection default; +diff -up mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc +--- mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc.patch16 2021-08-03 10:29:08.000000000 +0200 ++++ mariadb-10.5.12-downstream_modified/mysys_ssl/my_crypt.cc 2021-11-18 16:58:41.552440737 +0100 +@@ -29,11 +29,7 @@ + #include + #include + +-#ifdef HAVE_WOLFSSL + #define CTX_ALIGN 16 +-#else +-#define CTX_ALIGN 0 +-#endif + + class MyCTX + { +@@ -100,8 +96,9 @@ class MyCTX_nopad : public MyCTX + { + public: + const uchar *key; +- uint klen, buf_len; ++ uint klen, source_tail_len; + uchar oiv[MY_AES_BLOCK_SIZE]; ++ uchar source_tail[MY_AES_BLOCK_SIZE]; + + MyCTX_nopad() : MyCTX() { } + ~MyCTX_nopad() { } +@@ -112,7 +109,7 @@ public: + compile_time_assert(MY_AES_CTX_SIZE >= sizeof(MyCTX_nopad)); + this->key= key; + this->klen= klen; +- this->buf_len= 0; ++ this->source_tail_len= 0; + if (ivlen) + memcpy(oiv, iv, ivlen); + DBUG_ASSERT(ivlen == 0 || ivlen == sizeof(oiv)); +@@ -123,26 +120,41 @@ public: + return res; + } + ++ /** Update last partial source block, stored in source_tail array. */ ++ void update_source_tail(const uchar* src, uint slen) ++ { ++ if (!slen) ++ return; ++ uint new_tail_len= (source_tail_len + slen) % MY_AES_BLOCK_SIZE; ++ if (new_tail_len) ++ { ++ if (slen + source_tail_len < MY_AES_BLOCK_SIZE) ++ { ++ memcpy(source_tail + source_tail_len, src, slen); ++ } ++ else ++ { ++ DBUG_ASSERT(slen > new_tail_len); ++ memcpy(source_tail, src + slen - new_tail_len, new_tail_len); ++ } ++ } ++ source_tail_len= new_tail_len; ++ } ++ + int update(const uchar *src, uint slen, uchar *dst, uint *dlen) + { +- buf_len+= slen; ++ update_source_tail(src, slen); + return MyCTX::update(src, slen, dst, dlen); + } + + int finish(uchar *dst, uint *dlen) + { +- buf_len %= MY_AES_BLOCK_SIZE; +- if (buf_len) ++ if (source_tail_len) + { +- uchar *buf= EVP_CIPHER_CTX_buf_noconst(ctx); + /* + Not much we can do, block ciphers cannot encrypt data that aren't + a multiple of the block length. At least not without padding. + Let's do something CTR-like for the last partial block. +- +- NOTE this assumes that there are only buf_len bytes in the buf. +- If OpenSSL will change that, we'll need to change the implementation +- of this class too. + */ + uchar mask[MY_AES_BLOCK_SIZE]; + uint mlen; +@@ -154,10 +166,10 @@ public: + return rc; + DBUG_ASSERT(mlen == sizeof(mask)); + +- for (uint i=0; i < buf_len; i++) +- dst[i]= buf[i] ^ mask[i]; ++ for (uint i=0; i < source_tail_len; i++) ++ dst[i]= source_tail[i] ^ mask[i]; + } +- *dlen= buf_len; ++ *dlen= source_tail_len; + return MY_AES_OK; + } + }; +diff -up mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c +--- mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c.patch16 2021-08-03 10:29:10.000000000 +0200 ++++ mariadb-10.5.12-downstream_modified/unittest/mysys/aes-t.c 2021-11-18 16:58:41.553440740 +0100 +@@ -21,27 +21,96 @@ + #include + #include + +-#define DO_TEST(mode, nopad, slen, fill, dlen, hash) \ +- SKIP_BLOCK_IF(mode == 0xDEADBEAF, nopad ? 4 : 5, #mode " not supported") \ +- { \ +- memset(src, fill, src_len= slen); \ +- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, \ +- src, src_len, dst, &dst_len, \ +- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ +- "encrypt " #mode " %u %s", src_len, nopad ? "nopad" : "pad"); \ +- if (!nopad) \ +- ok (dst_len == my_aes_get_size(mode, src_len), "my_aes_get_size");\ +- my_md5(md5, (char*)dst, dst_len); \ +- ok(dst_len == dlen && memcmp(md5, hash, sizeof(md5)) == 0, "md5"); \ +- ok(my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, \ +- dst, dst_len, ddst, &ddst_len, \ +- key, sizeof(key), iv, sizeof(iv)) == MY_AES_OK, \ +- "decrypt " #mode " %u", dst_len); \ +- ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); \ ++ ++/** Test streaming encryption, bytewise update.*/ ++static int aes_crypt_bytewise(enum my_aes_mode mode, int flags, const unsigned char *src, ++ unsigned int slen, unsigned char *dst, unsigned int *dlen, ++ const unsigned char *key, unsigned int klen, ++ const unsigned char *iv, unsigned int ivlen) ++{ ++ /* Allocate context on odd address on stack, in order to ++ catch misalignment errors.*/ ++ void *ctx= (char *)alloca(MY_AES_CTX_SIZE+1)+1; ++ ++ int res1, res2; ++ uint d1= 0, d2; ++ uint i; ++ ++ if ((res1= my_aes_crypt_init(ctx, mode, flags, key, klen, iv, ivlen))) ++ return res1; ++ for (i= 0; i < slen; i++) ++ { ++ uint tmp_d1=0; ++ res1= my_aes_crypt_update(ctx, src+i,1, dst, &tmp_d1); ++ if (res1) ++ return res1; ++ d1+= tmp_d1; ++ dst+= tmp_d1; ++ } ++ res2= my_aes_crypt_finish(ctx, dst, &d2); ++ *dlen= d1 + d2; ++ return res1 ? res1 : res2; ++} ++ ++ ++#ifndef HAVE_EncryptAes128Ctr ++const uint MY_AES_CTR=0xDEADBEAF; ++#endif ++#ifndef HAVE_EncryptAes128Gcm ++const uint MY_AES_GCM=0xDEADBEAF; ++#endif ++ ++#define MY_AES_UNSUPPORTED(x) (x == 0xDEADBEAF) ++ ++static void do_test(uint mode, const char *mode_str, int nopad, uint slen, ++ char fill, size_t dlen, const char *hash) ++{ ++ uchar key[16]= {1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6}; ++ uchar iv[16]= {2, 3, 4, 5, 6, 7, 8, 9, 0, 1, 2, 3, 4, 5, 6, 7}; ++ uchar src[1000], dst[1100], dst2[1100], ddst[1000]; ++ uchar md5[MY_MD5_HASH_SIZE]; ++ uint src_len, dst_len, dst_len2, ddst_len; ++ int result; ++ ++ if (MY_AES_UNSUPPORTED(mode)) ++ { ++ skip(nopad?7:6, "%s not supported", mode_str); ++ return; ++ } ++ memset(src, fill, src_len= slen); ++ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, src_len, ++ dst, &dst_len, key, sizeof(key), iv, sizeof(iv)); ++ ok(result == MY_AES_OK, "encrypt %s %u %s", mode_str, src_len, ++ nopad ? "nopad" : "pad"); ++ ++ if (nopad) ++ { ++ result= aes_crypt_bytewise(mode, nopad | ENCRYPTION_FLAG_ENCRYPT, src, ++ src_len, dst2, &dst_len2, key, sizeof(key), ++ iv, sizeof(iv)); ++ ok(result == MY_AES_OK, "encrypt bytewise %s %u", mode_str, src_len); ++ /* Compare with non-bytewise encryption result*/ ++ ok(dst_len == dst_len2 && memcmp(dst, dst2, dst_len) == 0, ++ "memcmp bytewise %s %u", mode_str, src_len); + } ++ else ++ { ++ int dst_len_real= my_aes_get_size(mode, src_len); ++ ok(dst_len_real= dst_len, "my_aes_get_size"); ++ } ++ my_md5(md5, (char *) dst, dst_len); ++ ok(dst_len == dlen, "md5 len"); ++ ok(memcmp(md5, hash, sizeof(md5)) == 0, "md5"); ++ result= my_aes_crypt(mode, nopad | ENCRYPTION_FLAG_DECRYPT, ++ dst, dst_len, ddst, &ddst_len, key, sizeof(key), iv, ++ sizeof(iv)); ++ ++ ok(result == MY_AES_OK, "decrypt %s %u", mode_str, dst_len); ++ ok(ddst_len == src_len && memcmp(src, ddst, src_len) == 0, "memcmp"); ++} + +-#define DO_TEST_P(M,S,F,D,H) DO_TEST(M,0,S,F,D,H) +-#define DO_TEST_N(M,S,F,D,H) DO_TEST(M,ENCRYPTION_FLAG_NOPAD,S,F,D,H) ++#define DO_TEST_P(M, S, F, D, H) do_test(M, #M, 0, S, F, D, H) ++#define DO_TEST_N(M, S, F, D, H) do_test(M, #M, ENCRYPTION_FLAG_NOPAD, S, F, D, H) + + /* useful macro for debugging */ + #define PRINT_MD5() \ +@@ -53,25 +122,15 @@ + printf("\"\n"); \ + } while(0); + +-#ifndef HAVE_EncryptAes128Ctr +-const uint MY_AES_CTR=0xDEADBEAF; +-#endif +-#ifndef HAVE_EncryptAes128Gcm +-const uint MY_AES_GCM=0xDEADBEAF; +-#endif + + int + main(int argc __attribute__((unused)),char *argv[]) + { +- uchar key[16]= {1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6}; +- uchar iv[16]= {2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7}; +- uchar src[1000], dst[1100], ddst[1000]; +- uchar md5[MY_MD5_HASH_SIZE]; +- uint src_len, dst_len, ddst_len; + + MY_INIT(argv[0]); + +- plan(87); ++ plan(122); ++ + DO_TEST_P(MY_AES_ECB, 200, '.', 208, "\xd8\x73\x8e\x3a\xbc\x66\x99\x13\x7f\x90\x23\x52\xee\x97\x6f\x9a"); + DO_TEST_P(MY_AES_ECB, 128, '?', 144, "\x19\x58\x33\x85\x4c\xaa\x7f\x06\xd1\xb2\xec\xd7\xb7\x6a\xa9\x5b"); + DO_TEST_P(MY_AES_CBC, 159, '%', 160, "\x4b\x03\x18\x3d\xf1\xa7\xcd\xa1\x46\xb3\xc6\x8a\x92\xc0\x0f\xc9"); diff --git a/SOURCES/mariadb-ownsetup.patch b/SOURCES/mariadb-ownsetup.patch new file mode 100644 index 0000000..7728cf1 --- /dev/null +++ b/SOURCES/mariadb-ownsetup.patch @@ -0,0 +1,31 @@ +--- mariadb-10.4.14/support-files/CMakeLists.txt 2020-08-06 17:28:28.000000000 +0200 ++++ mariadb-10.4.14/support-files/CMakeLists.txt_patched 2020-09-03 13:21:07.826658279 +0200 +@@ -187,6 +187,7 @@ IF(UNIX) + COMPONENT SharedLibraries) + INSTALL(FILES rpm/mysql-clients.cnf DESTINATION ${INSTALL_SYSCONF2DIR} + COMPONENT Client) ++ CONFIGURE_FILE(rpm/server.cnf ${CMAKE_CURRENT_SOURCE_DIR}/rpm/server.cnf @ONLY) + INSTALL(FILES rpm/server.cnf DESTINATION ${INSTALL_SYSCONF2DIR} + COMPONENT IniFiles) + INSTALL(FILES rpm/enable_encryption.preset DESTINATION ${INSTALL_SYSCONF2DIR} + +diff -up mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup mariadb-10.0.15/support-files/rpm/server.cnf +--- mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup 2015-01-24 23:55:55.110063592 +0100 ++++ mariadb-10.0.15/support-files/rpm/server.cnf 2015-01-24 23:57:42.308114387 +0100 +@@ -9,7 +9,16 @@ + [server] + + # this is only for the mysqld standalone daemon ++# Settings user and group are ignored when systemd is used. ++# If you need to run mysqld under a different user or group, ++# customize your systemd unit file for mysqld/mariadb according to the ++# instructions in http://fedoraproject.org/wiki/Systemd + [mysqld] ++datadir=@MYSQL_DATADIR@ ++socket=@MYSQL_UNIX_ADDR@ ++log-error=@LOG_LOCATION@ ++pid-file=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid ++ + + # + # * Galera-related settings diff --git a/SOURCES/mariadb-pcdir.patch b/SOURCES/mariadb-pcdir.patch new file mode 100644 index 0000000..117273a --- /dev/null +++ b/SOURCES/mariadb-pcdir.patch @@ -0,0 +1,19 @@ +Use PCDIR CMake option, if configured + +Upstream install the server pkgconfig file into arch-independent directory +Reported to upstream as: https://jira.mariadb.org/browse/MDEV-14340 + +--- mariadb-10.5.5/support-files/CMakeLists.txt.old 2020-09-30 10:36:08.582490318 +0200 ++++ mariadb-10.5.5/support-files/CMakeLists.txt 2020-09-30 10:38:58.079710848 +0200 +@@ -91,7 +91,11 @@ + ENDIF() + + CONFIGURE_FILE(mariadb.pc.in ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc @ONLY) ++IF(INSTALL_PCDIR) ++ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_PCDIR} COMPONENT Development) ++ELSE() + INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb.pc DESTINATION ${INSTALL_LIBDIR}/pkgconfig COMPONENT Development) ++ENDIF() + + INSTALL(FILES mysql.m4 DESTINATION ${INSTALL_SHAREDIR}/aclocal COMPONENT Development) + diff --git a/SOURCES/mariadb-prepare-db-dir.sh b/SOURCES/mariadb-prepare-db-dir.sh new file mode 100644 index 0000000..cccfe96 --- /dev/null +++ b/SOURCES/mariadb-prepare-db-dir.sh @@ -0,0 +1,137 @@ +#!/bin/sh + +# This script creates the MariaDB data directory during first service start. +# In subsequent starts, it does nothing much. + +source "`dirname ${BASH_SOURCE[0]}`/mariadb-scripts-common" + +export LC_ALL=C + +# Returns content of the specified directory +# If listing files fails, fake-file is returned so which means +# we'll behave like there was some data initialized +# Some files or directories are fine to be there, so those are +# explicitly removed from the listing +# @param datadir +list_datadir () +{ + ( ls -1A "$1" 2>/dev/null || echo "fake-file" ) | grep -v \ + -e '^lost+found$' \ + -e '\.err$' \ + -e '^.bash_history$' +} + +# Checks whether datadir should be initialized +# @param datadir +should_initialize () +{ + test -z "$(list_datadir "$1")" +} + +# If two args given first is user, second is group +# otherwise the arg is the systemd service file +if [ "$#" -eq 2 ] +then + myuser="$1" + mygroup="$2" +else + # Absorb configuration settings from the specified systemd service file, + # or the default service if not specified + SERVICE_NAME="$1" + if [ x"$SERVICE_NAME" = x ] + then + SERVICE_NAME=@DAEMON_NAME@.service + fi + + myuser=`systemctl show -p User "${SERVICE_NAME}" | + sed 's/^User=//'` + if [ x"$myuser" = x ] + then + myuser=mysql + fi + + mygroup=`systemctl show -p Group "${SERVICE_NAME}" | + sed 's/^Group=//'` + if [ x"$mygroup" = x ] + then + mygroup=mysql + fi +fi + +# Set up the errlogfile with appropriate permissions +if [ ! -e "$errlogfile" -a ! -h "$errlogfile" -a x$(dirname "$errlogfile") = "x/var/log" ]; then + case $(basename "$errlogfile") in + mysql*.log|mariadb*.log) install /dev/null -m0640 -o$myuser -g$mygroup "$errlogfile" ;; + *) ;; + esac +else + # Provide some advice if the log file cannot be created by this script + errlogdir=$(dirname "$errlogfile") + if ! [ -d "$errlogdir" ] ; then + echo "The directory $errlogdir does not exist." >&2 + exit 1 + elif [ -e "$errlogfile" -a ! -w "$errlogfile" ] ; then + echo "The log file $errlogfile cannot be written, please, fix its permissions." >&2 + echo "The daemon will be run under $myuser:$mygroup" >&2 + exit 1 + fi +fi + +# Make the data directory if doesn't exist or empty +if should_initialize "$datadir" ; then + # First, make sure $datadir is there with correct permissions + # (note: if it's not, and we're not root, this'll fail ...) + if [ ! -e "$datadir" -a ! -h "$datadir" ] + then + mkdir -p "$datadir" || exit 1 + fi + chown "$myuser:$mygroup" "$datadir" + chmod 0755 "$datadir" + [ -x /sbin/restorecon ] && /sbin/restorecon "$datadir" + + # Now create the database + echo "Initializing @NICE_PROJECT_NAME@ database" >&2 + # Avoiding deletion of files not created by mysql_install_db is + # guarded by time check and sleep should help work-arounded + # potential issues on systems with 1 second resolution timestamps + # https://bugzilla.redhat.com/show_bug.cgi?id=1335849#c19 + INITDB_TIMESTAMP=`LANG=C date -u` + sleep 1 + @bindir@/mariadb-install-db --rpm --datadir="$datadir" --user="$myuser" --skip-test-db >&2 + ret=$? + if [ $ret -ne 0 ] ; then + echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2 + echo "Perhaps @sysconfdir@/my.cnf is misconfigured or there is some problem with permissions of $datadir." >&2 + # Clean up any partially-created database files + if [ ! -e "$datadir/mysql/user.frm" ] && [ -d "$datadir" ] ; then + echo "Initialization of @NICE_PROJECT_NAME@ database was not finished successfully." >&2 + echo "Files created so far will be removed." >&2 + find "$datadir" -mindepth 1 -maxdepth 1 -newermt "$INITDB_TIMESTAMP" \ + -not -name "lost+found" -exec rm -rf {} + + if [ $? -ne 0 ] ; then + echo "Removing of created files was not successfull." >&2 + echo "Please, clean directory $datadir manually." >&2 + fi + else + echo "However, part of data has been initialized and those will not be removed." >&2 + echo "Please, clean directory $datadir manually." >&2 + fi + exit $ret + fi + # upgrade does not need to be run on a fresh datadir + echo "@VERSION@-MariaDB" >"$datadir/mysql_upgrade_info" +else + if [ -d "$datadir/mysql/" ] ; then + # mysql dir exists, it seems data are initialized properly + echo "Database @NICE_PROJECT_NAME@ is probably initialized in $datadir already, nothing is done." + echo "If this is not the case, make sure the $datadir is empty before running `basename $0`." + else + # if the directory is not empty but mysql/ directory is missing, then + # print error and let user to initialize manually or empty the directory + echo "Database @NICE_PROJECT_NAME@ is not initialized, but the directory $datadir is not empty, so initialization cannot be done." >&2 + echo "Make sure the $datadir is empty before running `basename $0`." >&2 + exit 1 + fi +fi + +exit 0 diff --git a/SOURCES/mariadb-scripts-common.sh b/SOURCES/mariadb-scripts-common.sh new file mode 100644 index 0000000..e603a9e --- /dev/null +++ b/SOURCES/mariadb-scripts-common.sh @@ -0,0 +1,68 @@ +#!/bin/sh + +# Some useful functions used in other MariaDB helper scripts +# This scripts defines variables datadir, errlogfile, socketfile + +export LC_ALL=C + +# extract value of a MariaDB option from config files +# Usage: get_mysql_option VARNAME DEFAULT SECTION [ SECTION, ... ] +# result is returned in $result +# We use my_print_defaults which prints all options from multiple files, +# with the more specific ones later; hence take the last match. +get_mysql_option(){ + if [ $# -ne 3 ] ; then + echo "get_mysql_option requires 3 arguments: section option default_value" + return + fi + sections="$1" + option_name="$2" + default_value="$3" + result=`@bindir@/my_print_defaults $my_print_defaults_extra_args $sections | sed -n "s/^--${option_name}=//p" | tail -n 1` + if [ -z "$result" ]; then + # not found, use default + result="${default_value}" + fi +} + +# For the case of running more instances via systemd, scripts that source +# this file can get --default-group-suffix or similar option as the first +# argument. The utility my_print_defaults needs to use it as well, so the +# scripts sourcing this file work with the same options as the daemon. +my_print_defaults_extra_args='' +while echo "$1" | grep -q '^--defaults' ; do + my_print_defaults_extra_args="${my_print_defaults_extra_args} $1" + shift +done + +# Defaults here had better match what mariadbd-safe will default to +# The option values are generally defined on three important places +# on the default installation: +# 1) default values are hardcoded in the code of mariadbd daemon or +# mariadbd-safe script +# 2) configurable values are defined in @sysconfdir@/my.cnf +# 3) default values for helper scripts are specified bellow +# So, in case values are defined in my.cnf, we need to get that value. +# In case they are not defined in my.cnf, we need to get the same value +# in the daemon, as in the helper scripts. Thus, default values here +# must correspond with values defined in mariadbd-safe script and source +# code itself. + +server_sections="mysqld_safe mysqld server mysqld-@MAJOR_VERSION@.@MINOR_VERSION@ mariadb mariadb-@MAJOR_VERSION@.@MINOR_VERSION@ mariadbd mariadbd-@MAJOR_VERSION@.@MINOR_VERSION@ client-server galera" + +get_mysql_option "$server_sections" datadir "@MYSQL_DATADIR@" +datadir="$result" + +# if there is log_error in the my.cnf, my_print_defaults still +# returns log-error +# log-error might be defined in mysqld_safe and mysqld sections, +# the former has bigger priority +get_mysql_option "$server_sections" log-error "$datadir/`uname -n`.err" +errlogfile="$result" + +get_mysql_option "$server_sections" socket "@MYSQL_UNIX_ADDR@" +socketfile="$result" + +get_mysql_option "$server_sections" pid-file "$datadir/`uname -n`.pid" +pidfile="$result" + diff --git a/SOURCES/mariadb-scripts.patch b/SOURCES/mariadb-scripts.patch new file mode 100644 index 0000000..3b6dc16 --- /dev/null +++ b/SOURCES/mariadb-scripts.patch @@ -0,0 +1,41 @@ +We have some downstream patches and other scripts that include variables to +be expanded by cmake. Cmake needs to know about them, so adding them manually. + + # Install libgcc as mylibgcc.a +--- mariadb-10.5.5/scripts/CMakeLists.txt.old 2020-09-24 10:13:35.272589689 +0200 ++++ mariadb-10.5.5/scripts/CMakeLists.txt 2020-09-24 10:17:31.428985798 +0200 +@@ -377,6 +377,34 @@ + INSTALL_LINK(${file} ${binname} ${INSTALL_BINDIR} ${${file}_COMPONENT}) + ENDIF() + ENDFOREACH() ++ ++ # files for systemd ++ SET(SYSTEMD_SCRIPTS ++ mariadb.tmpfiles.d ++ mysql.service ++ mysql@.service ++ mariadb-prepare-db-dir ++ mariadb-check-socket ++ mariadb-check-upgrade ++ mariadb-scripts-common ++ mysql_config_multilib ++ clustercheck ++ galera_new_cluster ++ my.cnf ++ ) ++ FOREACH(file ${SYSTEMD_SCRIPTS}) ++ IF(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/${file}.sh) ++ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/${file}.sh ++ ${CMAKE_CURRENT_BINARY_DIR}/${file} ESCAPE_QUOTES @ONLY) ++ ELSEIF(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/${file}.in) ++ CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/${file}.in ++ ${CMAKE_CURRENT_BINARY_DIR}/${file} ESCAPE_QUOTES @ONLY) ++ ELSE() ++ MESSAGE(FATAL_ERROR "Can not find ${file}.sh or ${file}.in in " ++ "${CMAKE_CURRENT_SOURCE_DIR}" ) ++ ENDIF() ++ ENDFOREACH() ++ + ENDIF() + + # Install libgcc as mylibgcc.a diff --git a/SOURCES/mariadb-server-galera.te b/SOURCES/mariadb-server-galera.te new file mode 100644 index 0000000..bdce127 --- /dev/null +++ b/SOURCES/mariadb-server-galera.te @@ -0,0 +1,23 @@ + +module mariadb-server-galera 1.0; + +require { + type mysqld_t; + type rsync_exec_t; + type anon_inodefs_t; + type proc_net_t; + type kerberos_port_t; + class file { read execute execute_no_trans getattr open }; + class tcp_socket { name_bind name_connect }; + class process { setpgid siginh rlimitinh noatsecure }; +} + +# allow mysqld to run rsyncd +allow mysqld_t self:process setpgid; +allow mysqld_t rsync_exec_t:file { read execute execute_no_trans getattr open }; +allow mysqld_t anon_inodefs_t:file getattr; +allow mysqld_t proc_net_t:file { read open }; + +# allow rsyncd to listen on port 4444 +allow mysqld_t kerberos_port_t:tcp_socket { name_bind name_connect }; + diff --git a/SOURCES/mariadb-ssl-cipher-tests.patch b/SOURCES/mariadb-ssl-cipher-tests.patch new file mode 100644 index 0000000..567e433 --- /dev/null +++ b/SOURCES/mariadb-ssl-cipher-tests.patch @@ -0,0 +1,13 @@ +diff -up mariadb-10.3.9/mysql-test/main/ssl_cipher.test.fixtest mariadb-10.3.9/mysql-test/main/ssl_cipher.test +--- mariadb-10.3.13/mysql-test/main/ssl_cipher.test 2019-02-20 08:59:09.000000000 +0100 ++++ mariadb-10.3.13/mysql-test/main/ssl_cipher.test_patched 2019-02-22 11:22:01.250256060 +0100 +@@ -97,7 +97,9 @@ drop user mysqltest_1@localhost; + let $restart_parameters=--ssl-cipher=AES128-SHA; + source include/restart_mysqld.inc; + connect (ssl_con,localhost,root,,,,,SSL); ++--replace_regex /TLS_AES_.*/AES128-SHA/ + SHOW STATUS LIKE 'Ssl_cipher'; ++--replace_regex /TLS_AES_.*/AES128-SHA/ + SHOW STATUS LIKE 'Ssl_cipher_list'; + disconnect ssl_con; + connection default; diff --git a/SOURCES/mariadb.tmpfiles.d.in b/SOURCES/mariadb.tmpfiles.d.in new file mode 100644 index 0000000..9e6b6e8 --- /dev/null +++ b/SOURCES/mariadb.tmpfiles.d.in @@ -0,0 +1,3 @@ +# Do not edit this file. +# To override this, put /etc/tmpfiles.d/mariadb.conf instead. +d @PID_FILE_DIR@ 0755 mysql mysql - diff --git a/SOURCES/my.cnf.in b/SOURCES/my.cnf.in new file mode 100644 index 0000000..247e12d --- /dev/null +++ b/SOURCES/my.cnf.in @@ -0,0 +1,18 @@ +# +# This group is read both both by the client and the server +# use it for options that affect everything +# +[client-server] + +# +# This group is read by the server +# +[mysqld] +# Disabling symbolic-links is recommended to prevent assorted security risks +symbolic-links=0 + +# +# include all files from the config directory +# +!includedir @INSTALL_SYSCONF2DIR@ + diff --git a/SOURCES/mysql.service.in b/SOURCES/mysql.service.in new file mode 100644 index 0000000..91dfeca --- /dev/null +++ b/SOURCES/mysql.service.in @@ -0,0 +1,64 @@ +# It's not recommended to modify this file in-place, because it will be +# overwritten during package upgrades. If you want to customize, the +# best way is to: +# +# root> systemctl edit @DAEMON_NAME@.service +# +# Then add additonal directives under a section (probably [Service]). +# +# For more info about custom unit files, see systemd.unit(5) or +# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F +# +# For example, if you want to increase MariaDB's open-files-limit to 10000, +# you need to increase systemd's LimitNOFILE setting, use the contents below: +# +# [Service] +# LimitNOFILE=10000 +# + +[Unit] +Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server +Documentation=man:mariadbd(8) +Documentation=https://mariadb.com/kb/en/library/systemd/ +After=network.target + +[Install] +WantedBy=multi-user.target +Alias=mysql.service +Alias=mysqld.service + +[Service] +Type=notify +User=mysql +Group=mysql + +ExecStartPre=@libexecdir@/mariadb-check-socket +# '%n' expands to 'Full unit name'; man systemd.unit +ExecStartPre=@libexecdir@/mariadb-prepare-db-dir %n +# MYSQLD_OPTS here is for users to set in /etc/systemd/system/@DAEMON_NAME@@.service.d/MY_SPECIAL.conf +# Note: we set --basedir to prevent probes that might trigger SELinux alarms, +# per bug #547485 +ExecStart=@libexecdir@/mariadbd --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER +ExecStartPost=@libexecdir@/mariadb-check-upgrade + +# Setting this to true can break replication and the Type=notify settings +# See also bind-address MariaDB option. +PrivateNetwork=false + +KillSignal=SIGTERM + +# Don't want to see an automated SIGKILL ever +SendSIGKILL=no + +# Restart crashed server only, on-failure would also restart, for example, when +# my.cnf contains unknown option +Restart=on-abort +RestartSec=5s + +UMask=007 + +# Give a reasonable amount of time for the server to start up/shut down +TimeoutSec=300 + +# Place temp files in a secure directory, not /tmp +PrivateTmp=true diff --git a/SOURCES/mysql@.service.in b/SOURCES/mysql@.service.in new file mode 100644 index 0000000..acb2c57 --- /dev/null +++ b/SOURCES/mysql@.service.in @@ -0,0 +1,85 @@ +# Multi instance version of MariaDB. For if you run mutiple verions at once. +# Also used for @DAEMON_NAME@@bootstrap to bootstrap Galera. +# +# To use multi instance variant, use [mariadbd.INSTANCENAME] as sections in +# @sysconfdir@/@my.cnf to change per instance settings. A minimumal necessary +# configuration items to change to avoid conflicts between instances is: +# +# [mariadbd.instancename] +# # TCP port to make available for clients +# port=3306 +# # Socket to make available for clients +# socket=/tmp/mariadb-instancename.sock +# # Where MariaDB should store all its data +# datadir=/usr/local/mariadb-instancename/data +# +# and start the service via: +# +# root> systemctl start @DAEMON_NAME@@{instancename}.server +# +# It's not recommended to modify this file in-place, because it will be +# overwritten during package upgrades. If you want to customize, for +# all instances, the best way is: +# +# root> systemctl edit @DAEMON_NAME@@.service +# +# Then add additonal directives under a section (probably [Service]). +# +# If you only want to change a specific instance: +# +# root> systemctl edit @DAEMON_NAME@@{instancename}.server +# +# For more info about custom unit files, see systemd.unit(5) or +# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F +# +# For example, if you want to increase MariaDB's open-files-limit to 10000, +# you need to increase systemd's LimitNOFILE setting, use the contents below: +# +# [Service] +# LimitNOFILE=10000 + +[Unit] +Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server +Documentation=man:mariadbd(8) +Documentation=https://mariadb.com/kb/en/library/systemd/ +After=network.target + +[Install] +WantedBy=multi-user.target +Alias=mysql.service +Alias=mysqld.service + +[Service] +Type=notify +User=mysql +Group=mysql + +ExecStartPre=@libexecdir@/mariadb-check-socket --defaults-group-suffix=.%I +ExecStartPre=@libexecdir@/mariadb-prepare-db-dir --defaults-group-suffix=.%I %n +# MYSQLD_OPTS here is for users to set in /etc/systemd/system/@DAEMON_NAME@@.service.d/MY_SPECIAL.conf +# Note: we set --basedir to prevent probes that might trigger SELinux alarms, +# per bug #547485 +ExecStart=@libexecdir@/mariadbd --defaults-group-suffix=.%I --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER +ExecStartPost=@libexecdir@/mariadb-check-upgrade --defaults-group-suffix=.%I + +# Setting this to true can break replication and the Type=notify settings +# See also bind-address MariaDB option. +PrivateNetwork=false + +KillSignal=SIGTERM + +# Don't want to see an automated SIGKILL ever +SendSIGKILL=no + +# Restart crashed server only, on-failure would also restart, for example, when +# my.cnf contains unknown option +Restart=on-abort +RestartSec=5s + +UMask=007 + +# Give a reasonable amount of time for the server to start up/shut down +TimeoutSec=300 + +# Place temp files in a secure directory, not /tmp +PrivateTmp=true diff --git a/SOURCES/mysql_config_multilib.sh b/SOURCES/mysql_config_multilib.sh new file mode 100644 index 0000000..06c2a2b --- /dev/null +++ b/SOURCES/mysql_config_multilib.sh @@ -0,0 +1,26 @@ +#! /bin/sh +# +# Wrapper script for mysql_config to support multilib +# +# This command respects setarch + +bits=$(rpm --eval %__isa_bits) + +case $bits in + 32|64) status=known ;; + *) status=unknown ;; +esac + +if [ "$status" = "unknown" ] ; then + echo "$0: error: command 'rpm --eval %__isa_bits' returned unknown value: $bits" + exit 1 +fi + + +if [ -x @bindir@/mysql_config-$bits ] ; then + @bindir@/mysql_config-$bits "$@" +else + echo "$0: error: needed binary: @bindir@/mysql_config-$bits is missing" + exit 1 +fi + diff --git a/SOURCES/rh-skipped-tests-arm.list b/SOURCES/rh-skipped-tests-arm.list new file mode 100644 index 0000000..ec2e920 --- /dev/null +++ b/SOURCES/rh-skipped-tests-arm.list @@ -0,0 +1,5 @@ +# Fails since 10.3.17, only on armv7hl +versioning.partition : + +# Fail since 10.4.16 only on armv7hl +versioning.partition_rotation : diff --git a/SOURCES/rh-skipped-tests-base.list b/SOURCES/rh-skipped-tests-base.list new file mode 100644 index 0000000..1c2f917 --- /dev/null +++ b/SOURCES/rh-skipped-tests-base.list @@ -0,0 +1,69 @@ +# The SSL test are failing correctly. Fro more explanation, see: +# https://jira.mariadb.org/browse/MDEV-8404?focusedCommentId=84275&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-84275 +main.ssl_7937 : #1399847 +main.ssl_8k_key : +main.ssl_crl : #1399847 + +# ------------------------------ +# Tests that fails because of 'Self Signed Certificate in the Certificate Chain' +perfschema.cnf_option : + +rpl.rpl_row_img_blobs : +rpl.rpl_row_img_eng_min : +rpl.rpl_row_img_eng_noblob : + +sys_vars.slave_parallel_threads_basic : + +# ------------------------------ +# Expected to fail, the plugin is not build with server, but 'mariadb-connector-c' instead +plugins.auth_ed25519 : +plugins.multiauth : + +# ------------------------------ +perfschema.nesting : #1399847 +perfschema.socket_summary_by_instance_func : #1399847 +perfschema.socket_summary_by_event_name_func : + +# ------------------------------ +# Fails since 10.1.12 +innodb.innodb_defrag_binlog : + +# Fails everywhere since 10.2.15 +main.userstat : + +# Fails everywhere since 10.4.11 +main.events_bugs : +sys_vars.tcp_nodelay : + +# Fails on i686 +encryption.innodb-redo-badkey : + +# Fails since 10.5.2 +main.mysqld--help2 : +disks.disks : +disks.disks_notembedded : + +# Fails since 10.5.3 +main.mysqld--help-aria : + +# Fails since 10.5.4 +main.ssl_system_ca : + +# Fails since 10.5.7 +innodb.innodb_wl6326_big : +plugins.feedback_plugin_load : + +# Fails only on RHEL 9 BETA on i686 architecture +main.myisampack : + +# Fails on all arches since 10.5.13 on CentOS Stream 9 +oqgraph.regression_mdev6345 : +type_test.type_test_double : +# Fails only on i686 since 10.5.13 on CentOS Stream 9 +oqgraph.general-innodb : +oqgraph.general-Aria : +oqgraph.general-MyISAM : +oqgraph.legacy_upgrade : +oqgraph.regression_1133093 : +oqgraph.regression_1196036 : +oqgraph.regression_1213120 : diff --git a/SOURCES/rh-skipped-tests-ppc.list b/SOURCES/rh-skipped-tests-ppc.list new file mode 100644 index 0000000..403da66 --- /dev/null +++ b/SOURCES/rh-skipped-tests-ppc.list @@ -0,0 +1,5 @@ +# Fails on ppc64le since 10.4.12 +oqgraph.social : + +# Fails since 10.5.2 +rh-skipped-tests-ppc.list : diff --git a/SOURCES/rh-skipped-tests-s390.list b/SOURCES/rh-skipped-tests-s390.list new file mode 100644 index 0000000..3ca7588 --- /dev/null +++ b/SOURCES/rh-skipped-tests-s390.list @@ -0,0 +1,3 @@ +# Fails since 10.5.2 +perfschema.memory_aggregate_32bit : +period.overlaps : diff --git a/SOURCES/wsrep_sst_rsync_tunnel b/SOURCES/wsrep_sst_rsync_tunnel new file mode 100644 index 0000000..f537249 --- /dev/null +++ b/SOURCES/wsrep_sst_rsync_tunnel @@ -0,0 +1,492 @@ +#!/bin/bash -ue + +# Copyright (C) 2010-2014 Codership Oy +# Copyright (C) 2017-2020 Damien Ciabrini +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; see the file COPYING. If not, write to the +# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston +# MA 02110-1301 USA. + +# This is a reference script for rsync-based state snapshot tansfer +# over an encrypted communication channel, managed by socat + +RSYNC_PID= # rsync pid file +RSYNC_CONF= # rsync configuration file +RSYNC_REAL_PID= # rsync process id + +SOCAT_PID= # socat pid file +SOCAT_REAL_PID= # socat process id + +SOCAT_OPTS= # openssl connection args + +MODULE="rsync_tunnel_sst" + +OS=$(uname) +[ "$OS" == "Darwin" ] && export -n LD_LIBRARY_PATH + +# Setting the path for lsof on CentOS +export PATH="/usr/sbin:/sbin:$PATH" + +. $(dirname $0)/wsrep_sst_common + +wsrep_check_programs rsync socat + +cleanup_pid() +{ + local real_pid=$1 + [ "0" != "$real_pid" ] && \ + kill $real_pid && \ + sleep 0.5 && \ + kill -9 $real_pid >/dev/null 2>&1 || \ + : +} + +cleanup_tunnel() +{ + if [ -n "$SOCAT_REAL_PID" ] && ps -p "$SOCAT_REAL_PID" >/dev/null 2>&1; then + wsrep_log_info "cleanup socat PID: $SOCAT_REAL_PID" + cleanup_pid $SOCAT_REAL_PID + fi + rm -rf "$SOCAT_PID" +} + +cleanup_joiner() +{ + wsrep_log_info "Joiner cleanup. rsync PID: $RSYNC_REAL_PID" + [ -n "$RSYNC_REAL_PID" ] && cleanup_pid $RSYNC_REAL_PID + rm -rf "$RSYNC_CONF" + rm -rf "$MAGIC_FILE" + rm -rf "$RSYNC_PID" + + cleanup_tunnel + + wsrep_log_info "Joiner cleanup done." + if [ "${WSREP_SST_OPT_ROLE}" = "joiner" ];then + wsrep_cleanup_progress_file + fi +} + +# Check whether process is still running. +check_pid() +{ + local pid_file=$1 + [ -r "$pid_file" ] && ps -p $(cat $pid_file) >/dev/null 2>&1 +} + +check_pid_and_port() +{ + local pid_file=$1 + local service_pid=$2 + local service_port=$3 + local service_host=$4 + local service_name=$5 + + if ! which lsof > /dev/null; then + wsrep_log_error "lsof tool not found in PATH! Make sure you have it installed." + exit 2 # ENOENT + fi + + local port_info=$(lsof -i "@"$service_host:$service_port -Pn 2>/dev/null | \ + grep "(LISTEN)") + local is_service=$(echo $port_info | \ + grep -w '^'"$service_name"'[[:space:]]\+'"$service_pid" 2>/dev/null) + + if [ -n "$port_info" -a -z "$is_service" ]; then + wsrep_log_error "$service_name daemon port '$service_port' has been taken" + exit 16 # EBUSY + fi + + if ! check_pid $pid_file; then + wsrep_log_error "$service_name process terminated unexpectedly" + exit 10 # ECHILD + fi + + [ -n "$port_info" ] && [ -n "$is_service" ] && \ + [ $(cat $pid_file) -eq $service_pid ] +} + +config_from_cnf() +{ + local group=$1 + local key=$2 + echo $($MY_PRINT_DEFAULTS $group | grep -- "--$key=" | cut -d= -f2- | tail -1) +} + +setup_tunnel_args() +{ + tca=$(config_from_cnf sst tca) + tkey=$(config_from_cnf sst tkey) + tcert=$(config_from_cnf sst tcert) + sockopt=$(config_from_cnf sst sockopt) + + if [ -z "$tcert" ]; then + wsrep_log_error "Encryption certificate not found in my.cnf" + exit 3 + else + SOCAT_OPTS="cert=$tcert" + fi + [ -n "$tkey" ] && SOCAT_OPTS="$SOCAT_OPTS,key=$tkey" + [ -n "$tca" ] && SOCAT_OPTS="$SOCAT_OPTS,cafile=$tca" + wsrep_log_info "Encryption setting to be used for socat tunnel: $SOCAT_OPTS" + + [ -n "$sockopt" ] && SOCAT_OPTS="$SOCAT_OPTS,$sockopt" +} + +MAGIC_FILE="$WSREP_SST_OPT_DATA/rsync_tunnel_sst_complete" +rm -rf "$MAGIC_FILE" + +BINLOG_TAR_FILE="$WSREP_SST_OPT_DATA/wsrep_sst_binlog.tar" +BINLOG_N_FILES=1 +rm -f "$BINLOG_TAR_FILE" || : + +if ! [ -z $WSREP_SST_OPT_BINLOG ] +then + BINLOG_DIRNAME=$(dirname $WSREP_SST_OPT_BINLOG) + BINLOG_FILENAME=$(basename $WSREP_SST_OPT_BINLOG) +fi + +WSREP_LOG_DIR=${WSREP_LOG_DIR:-""} +# if WSREP_LOG_DIR env. variable is not set, try to get it from my.cnf +if [ -z "$WSREP_LOG_DIR" ]; then + WSREP_LOG_DIR=$($MY_PRINT_DEFAULTS --mysqld \ + | grep -- '--innodb[-_]log[-_]group[-_]home[-_]dir=' \ + | cut -b 29- ) +fi + +if [ -n "$WSREP_LOG_DIR" ]; then + # handle both relative and absolute paths + WSREP_LOG_DIR=$(cd $WSREP_SST_OPT_DATA; mkdir -p "$WSREP_LOG_DIR"; cd $WSREP_LOG_DIR; pwd -P) +else + # default to datadir + WSREP_LOG_DIR=$(cd $WSREP_SST_OPT_DATA; pwd -P) +fi + +# Old filter - include everything except selected +# FILTER=(--exclude '*.err' --exclude '*.pid' --exclude '*.sock' \ +# --exclude '*.conf' --exclude core --exclude 'galera.*' \ +# --exclude grastate.txt --exclude '*.pem' \ +# --exclude '*.[0-9][0-9][0-9][0-9][0-9][0-9]' --exclude '*.index') + +# New filter - exclude everything except dirs (schemas) and innodb files +FILTER=(-f '- /lost+found' -f '- /.fseventsd' -f '- /.Trashes' + -f '+ /wsrep_sst_binlog.tar' -f '+ /ib_lru_dump' -f '+ /ibdata*' -f '+ /*/' -f '- /*') + +SOCAT_PID="$WSREP_SST_OPT_DATA/$MODULE-socat.pid" + +if check_pid $SOCAT_PID +then + wsrep_log_error "socat tunnel already running." + exit 114 # EALREADY +fi +rm -rf "$SOCAT_PID" + +setup_tunnel_args + +if [ "$WSREP_SST_OPT_ROLE" = "donor" ] +then + + SOCAT_JOINER_ADDR=$(echo $WSREP_SST_OPT_ADDR | awk -F'/' '{print $1}') + # map to name in case we received an IP + SOCAT_JOINER_HOST=$(getent hosts $SOCAT_JOINER_ADDR | awk '{ print $2 }') + if [ -z "$SOCAT_JOINER_HOST" ]; then + SOCAT_JOINER_HOST=$SOCAT_JOINER_ADDR + fi + SOCAT_PORT=$(echo $SOCAT_JOINER_ADDR | awk -F ':' '{ print $2 }') + if [ -z "$SOCAT_PORT" ] + then + SOCAT_PORT=4444 + fi + TARGET_ADDR=localhost:$SOCAT_PORT/$MODULE + + trap cleanup_tunnel EXIT + + # Socat forwards rsync connections to the joiner + SOCAT_SRC=tcp-listen:$SOCAT_PORT,bind=localhost,reuseaddr,fork + SOCAT_DST=openssl:$SOCAT_JOINER_HOST,$SOCAT_OPTS + wsrep_log_info "Setting up tunnel for donor: socat $SOCAT_SRC $SOCAT_DST" + socat $SOCAT_SRC $SOCAT_DST & + SOCAT_REAL_PID=$! + # This is ok because a local galera node doesn't run SST concurrently + echo $SOCAT_REAL_PID >"$SOCAT_PID" + until check_pid_and_port $SOCAT_PID $SOCAT_REAL_PID $SOCAT_PORT localhost "socat" + do + sleep 0.2 + done + + if [ $WSREP_SST_OPT_BYPASS -eq 0 ] + then + + FLUSHED="$WSREP_SST_OPT_DATA/tables_flushed" + ERROR="$WSREP_SST_OPT_DATA/sst_error" + + rm -rf "$FLUSHED" + rm -rf "$ERROR" + + # Use deltaxfer only for WAN + inv=$(basename $0) + [ "$inv" = "wsrep_sst_rsync_wan" ] && WHOLE_FILE_OPT="" \ + || WHOLE_FILE_OPT="--whole-file" + + echo "flush tables" + + # Wait for : + # (a) Tables to be flushed, AND + # (b) Cluster state ID & wsrep_gtid_domain_id to be written to the file, OR + # (c) ERROR file, in case flush tables operation failed. + + while [ ! -r "$FLUSHED" ] && ! grep -q ':' "$FLUSHED" >/dev/null 2>&1 + do + # Check whether ERROR file exists. + if [ -f "$ERROR" ] + then + # Flush tables operation failed. + rm -rf "$ERROR" + exit 255 + fi + + sleep 0.2 + done + + STATE="$(cat $FLUSHED)" + rm -rf "$FLUSHED" + + sync + + if ! [ -z $WSREP_SST_OPT_BINLOG ] + then + # Prepare binlog files + pushd $BINLOG_DIRNAME &> /dev/null + binlog_files_full=$(tail -n $BINLOG_N_FILES ${BINLOG_FILENAME}.index) + binlog_files="" + for ii in $binlog_files_full + do + binlog_files="$binlog_files $(basename $ii)" + done + if ! [ -z "$binlog_files" ] + then + wsrep_log_info "Preparing binlog files for transfer:" + tar -cvf $BINLOG_TAR_FILE $binlog_files >&2 + fi + popd &> /dev/null + fi + + # first, the normal directories, so that we can detect incompatible protocol + RC=0 + rsync --owner --group --perms --links --specials \ + --ignore-times --inplace --dirs --delete --quiet \ + $WHOLE_FILE_OPT "${FILTER[@]}" "$WSREP_SST_OPT_DATA/" \ + rsync://$TARGET_ADDR >&2 || RC=$? + + if [ "$RC" -ne 0 ]; then + wsrep_log_error "rsync returned code $RC:" + + case $RC in + 12) RC=71 # EPROTO + wsrep_log_error \ + "rsync server on the other end has incompatible protocol. " \ + "Make sure you have the same version of rsync on all nodes." + ;; + 22) RC=12 # ENOMEM + ;; + *) RC=255 # unknown error + ;; + esac + exit $RC + fi + + # second, we transfer InnoDB log files + rsync --owner --group --perms --links --specials \ + --ignore-times --inplace --dirs --delete --quiet \ + $WHOLE_FILE_OPT -f '+ /ib_logfile[0-9]*' -f '- **' "$WSREP_LOG_DIR/" \ + rsync://$TARGET_ADDR-log_dir >&2 || RC=$? + + if [ $RC -ne 0 ]; then + wsrep_log_error "rsync innodb_log_group_home_dir returned code $RC:" + exit 255 # unknown error + fi + + # then, we parallelize the transfer of database directories, use . so that pathconcatenation works + pushd "$WSREP_SST_OPT_DATA" >/dev/null + + count=1 + [ "$OS" == "Linux" ] && count=$(grep -c processor /proc/cpuinfo) + [ "$OS" == "Darwin" -o "$OS" == "FreeBSD" ] && count=$(sysctl -n hw.ncpu) + + find . -maxdepth 1 -mindepth 1 -type d -not -name "lost+found" -print0 | \ + xargs -I{} -0 -P $count \ + rsync --owner --group --perms --links --specials \ + --ignore-times --inplace --recursive --delete --quiet \ + $WHOLE_FILE_OPT --exclude '*/ib_logfile*' "$WSREP_SST_OPT_DATA"/{}/ \ + rsync://$TARGET_ADDR/{} >&2 || RC=$? + + popd >/dev/null + + if [ $RC -ne 0 ]; then + wsrep_log_error "find/rsync returned code $RC:" + exit 255 # unknown error + fi + + else # BYPASS + wsrep_log_info "Bypassing state dump." + + # Store donor's wsrep GTID (state ID) and wsrep_gtid_domain_id + # (separated by a space). + STATE="$WSREP_SST_OPT_GTID $WSREP_SST_OPT_GTID_DOMAIN_ID" + fi + + echo "continue" # now server can resume updating data + + echo "$STATE" > "$MAGIC_FILE" + rsync --archive --quiet --checksum "$MAGIC_FILE" rsync://$TARGET_ADDR + + # to avoid cleanup race, stop tunnel before declaring the SST finished. + # This ensures galera won't start a new SST locally before we exit. + cleanup_tunnel + + echo "done $STATE" + +elif [ "$WSREP_SST_OPT_ROLE" = "joiner" ] +then + wsrep_check_programs lsof socat + + touch $SST_PROGRESS_FILE + MYSQLD_PID=$WSREP_SST_OPT_PARENT + + RSYNC_PID="$WSREP_SST_OPT_DATA/$MODULE.pid" + + if check_pid $RSYNC_PID + then + wsrep_log_error "rsync daemon already running." + exit 114 # EALREADY + fi + rm -rf "$RSYNC_PID" + + ADDR=$WSREP_SST_OPT_ADDR + RSYNC_PORT=$(echo $ADDR | awk -F ':' '{ print $2 }') + if [ -z "$RSYNC_PORT" ] + then + RSYNC_PORT=4444 + ADDR="$(echo $ADDR | awk -F ':' '{ print $1 }'):$RSYNC_PORT" + fi + + SOCAT_ADDR=$(echo $ADDR | awk -F ':' '{ print $1 }') + # map to name in case we received an IP + SOCAT_HOST=$(getent hosts $SOCAT_ADDR | awk '{ print $2 }') + if [ -z "$SOCAT_HOST" ]; then + SOCAT_HOST=$SOCAT_ADDR + fi + SOCAT_PORT=$RSYNC_PORT + + trap "exit 32" HUP PIPE + trap "exit 3" INT TERM ABRT + trap cleanup_joiner EXIT + + RSYNC_CONF="$WSREP_SST_OPT_DATA/$MODULE.conf" + + if [ -n "${MYSQL_TMP_DIR:-}" ] ; then + SILENT="log file = $MYSQL_TMP_DIR/rsynd.log" + else + SILENT="" + fi + +cat << EOF > "$RSYNC_CONF" +pid file = $RSYNC_PID +use chroot = no +read only = no +timeout = 300 +$SILENT +[$MODULE] + path = $WSREP_SST_OPT_DATA +[$MODULE-log_dir] + path = $WSREP_LOG_DIR +EOF + +# rm -rf "$DATA"/ib_logfile* # we don't want old logs around + + # Socat receives rsync connections from the donor + SOCAT_SRC=openssl-listen:$SOCAT_PORT,bind=$SOCAT_HOST,reuseaddr,fork,$SOCAT_OPTS + SOCAT_DST=tcp:localhost:$RSYNC_PORT + wsrep_log_info "Setting up tunnel for joiner: socat $SOCAT_SRC $SOCAT_DST" + socat $SOCAT_SRC $SOCAT_DST & + SOCAT_REAL_PID=$! + # This is ok because a local galera node doesn't run SST concurrently + echo $SOCAT_REAL_PID >"$SOCAT_PID" + until check_pid_and_port $SOCAT_PID $SOCAT_REAL_PID $SOCAT_PORT $SOCAT_HOST "socat" + do + sleep 0.2 + done + + wsrep_log_info "rsync --daemon --no-detach --address localhost --port $RSYNC_PORT --config \"$RSYNC_CONF\"" + rsync --daemon --no-detach --address localhost --port $RSYNC_PORT --config "$RSYNC_CONF" & + RSYNC_REAL_PID=$! + + until check_pid_and_port $RSYNC_PID $RSYNC_REAL_PID $RSYNC_PORT localhost "rsync" + do + sleep 0.2 + done + + echo "ready $ADDR/$MODULE" + + # wait for SST to complete by monitoring magic file + while [ ! -r "$MAGIC_FILE" ] && check_pid "$RSYNC_PID" && \ + check_pid "$SOCAT_PID" && ps -p $MYSQLD_PID >/dev/null + do + sleep 1 + done + + # to avoid cleanup race, we can tear down the socat tunnel now + # before signaling the end of the SST to galera. + cleanup_tunnel + + if ! ps -p $MYSQLD_PID >/dev/null + then + wsrep_log_error \ + "Parent mysqld process (PID:$MYSQLD_PID) terminated unexpectedly." + exit 32 + fi + + if ! [ -z $WSREP_SST_OPT_BINLOG ] + then + + pushd $BINLOG_DIRNAME &> /dev/null + if [ -f $BINLOG_TAR_FILE ] + then + # Clean up old binlog files first + rm -f ${BINLOG_FILENAME}.* + wsrep_log_info "Extracting binlog files:" + tar -xvf $BINLOG_TAR_FILE >&2 + for ii in $(ls -1 ${BINLOG_FILENAME}.*) + do + echo ${BINLOG_DIRNAME}/${ii} >> ${BINLOG_FILENAME}.index + done + fi + popd &> /dev/null + fi + if [ -r "$MAGIC_FILE" ] + then + # UUID:seqno & wsrep_gtid_domain_id is received here. + cat "$MAGIC_FILE" # Output : UUID:seqno wsrep_gtid_domain_id + else + # this message should cause joiner to abort + echo "rsync process ended without creating '$MAGIC_FILE'" + fi + wsrep_cleanup_progress_file +# cleanup_joiner +else + wsrep_log_error "Unrecognized role: '$WSREP_SST_OPT_ROLE'" + exit 22 # EINVAL +fi + +rm -f $BINLOG_TAR_FILE || : + +exit 0 diff --git a/SPECS/mariadb.spec b/SPECS/mariadb.spec new file mode 100644 index 0000000..21e2489 --- /dev/null +++ b/SPECS/mariadb.spec @@ -0,0 +1,2906 @@ +# This is a fix for the https://fedoraproject.org/wiki/Changes/CMake_to_do_out-of-source_builds +# So the beaviour will be the same also in F31 nad F32 +%undefine __cmake_in_source_build + +# Prefix that is used for patches +%global pkg_name %{name} +%global pkgnamepatch mariadb + +# Regression tests may take a long time (many cores recommended), skip them by +%{!?runselftest:%global runselftest 1} + +# Set this to 1 to see which tests fail, but 0 on production ready build +%global ignore_testsuite_result 0 + +# The last version on which the full testsuite has been run +# In case of further rebuilds of that version, don't require full testsuite to be run +# run only "main" suite +%global last_tested_version 10.5.13 +# Set to 1 to force run the testsuite even if it was already tested in current version +%global force_run_testsuite 0 + +# Aditional SELinux rules +%global require_mysql_selinux 1 + +# In f20+ use unversioned docdirs, otherwise the old versioned one +%global _pkgdocdirname %{pkg_name}%{!?_pkgdocdir:-%{version}} +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{pkg_name}-%{version}} + +# By default, patch(1) creates backup files when chunks apply with offsets. +# Turn that off to ensure such files don't get included in RPMs (cf bz#884755). +%global _default_patch_flags --no-backup-if-mismatch + + + +# Mroonga engine +# https://mariadb.com/kb/en/mariadb/about-mroonga/ +# Current version in MariaDB, 7.07, only supports the x86_64 +# Mroonga upstream warns about using 32-bit package: http://mroonga.org/docs/install.html +# RocksDB engine +# https://mariadb.com/kb/en/library/about-myrocks-for-mariadb/ +# RocksDB engine is available only for x86_64 +# RocksDB may be built with jemalloc, if specified in CMake +%ifarch x86_64 +%if 0%{?fedora} +%bcond_without mroonga +%bcond_without rocksdb +%else +%bcond_with mroonga +%bcond_with rocksdb +%endif +%endif + +# The Open Query GRAPH engine (OQGRAPH) is a computation engine allowing +# hierarchies and more complex graph structures to be handled in a relational fashion +%bcond_without oqgraph + +# PAM authentication plugin +%bcond_without pam + +# Other plugins +# S3 storage engine +# https://mariadb.com/kb/en/s3-storage-engine/ +%if 0%{?fedora} +%bcond_without cracklib +%bcond_without connect +%bcond_without sphinx +%bcond_without s3 +%else +%bcond_with cracklib +%bcond_with connect +%bcond_with sphinx +%bcond_with s3 +%endif + +%bcond_without gssapi + +# For some use cases we do not need some parts of the package. Set to "...with" to exclude +%if 0%{?fedora} || 0%{?rhel} > 7 +%bcond_with clibrary +%else +%bcond_without clibrary +%endif +%bcond_without embedded +%bcond_without devel +%bcond_without client +%bcond_without common +%bcond_without errmsg +%bcond_without test +%bcond_without galera +%bcond_without backup + +# When there is already another package that ships /etc/my.cnf, +# rather include it than ship the file again, since conflicts between +# those files may create issues +%if 0%{?fedora} || 0%{?rhel} > 7 +%bcond_with config +%else +%bcond_without config +%endif + +# For deep debugging we need to build binaries with extra debug info +%bcond_with debug + +# Page compression algorithms for InnoDB & XtraDB +%bcond_without lz4 + + + +# MariaDB 10.0 and later requires pcre >= 10.34, otherwise we need to use +# the bundled library, since the package cannot be build with older version +# https://mariadb.com/kb/en/pcre/ +%if 0%{?fedora} || 0%{?rhel} > 7 +%bcond_without unbundled_pcre +%else +%bcond_with unbundled_pcre +%global pcre_bundled_version 10.34 +%endif + +# Use main python interpretter version +%if 0%{?fedora} || 0%{?rhel} > 7 +%global python_path /usr/bin/python3 +%else +%global python_path /usr/bin/python2 +%endif + +# Include systemd files +%global daemon_name %{name} +%global daemon_no_prefix %{pkg_name} +%global mysqld_pid_dir mariadb + +# We define some system's well known locations here so we can use them easily +# later when building to another location (like SCL) +%global logrotateddir %{_sysconfdir}/logrotate.d +%global logfiledir %{_localstatedir}/log/%{daemon_name} +%global logfile %{logfiledir}/%{daemon_name}.log +# Directory for storing pid file +%global pidfiledir %{_rundir}/%{mysqld_pid_dir} +# Defining where database data live +%global dbdatadir %{_localstatedir}/lib/mysql +# Home directory of mysql user should be same for all packages that create it +%global mysqluserhome /var/lib/mysql + + + +# Provide mysql names for compatibility +%if 0%{?fedora} +%bcond_without mysql_names +%else +%bcond_with mysql_names +%endif + +# Make long macros shorter +%global sameevr %{epoch}:%{version}-%{release} + +Name: mariadb +Version: 10.5.13 +Release: 2%{?with_debug:.debug}%{?dist} +Epoch: 3 + +Summary: A very fast and robust SQL database server +URL: http://mariadb.org +License: GPLv2 and LGPLv2 + +# Original upstream sources archive URL +# Source0: https://downloads.mariadb.org/interstitial/mariadb-%{version}/source/mariadb-%{version}.tar.gz +# Non-existent URL containing correct archive name +# The archive was created by executing the "generate-modified-sources.sh" script +Source0: https://fedoraproject.org/mariadb-%{version}-downstream_modified.tar.gz + +Source2: mysql_config_multilib.sh +Source3: my.cnf.in +Source6: README.mariadb-docs +Source8: README.wsrep_sst_rsync_tunnel +Source10: mariadb.tmpfiles.d.in +Source11: mysql.service.in +Source12: mariadb-prepare-db-dir.sh +Source14: mariadb-check-socket.sh +Source15: mariadb-scripts-common.sh +Source16: mariadb-check-upgrade.sh +Source18: mysql@.service.in +Source50: rh-skipped-tests-base.list +Source51: rh-skipped-tests-arm.list +Source52: rh-skipped-tests-s390.list +Source53: rh-skipped-tests-ppc.list +# Red Hat OpenStack scripts: +# Clustercheck: +# Maintainer: +# Damien Ciabrini +# Source / Upstream: +# Damien; based on https://github.com/olafz/percona-clustercheck +# not updated in 5 years; low-effort maintenance +# Purpose: +# In Openstack, galera is accessed like an A/P database, we have a +# load balancer (haproxy) that drives traffic to a single node and +# performs failover when the galera node monitor fails. +# clustercheck.sh is the monitoring script that is being called remotely +# by haproxy. It is a glue between haproxy and the local galera node that +# can run SQL commands to check whether the local galera is connected to the galera cluster. +# Proposed to MariaDB upstream: https://jira.mariadb.org/browse/MDEV-12442 +# General upstream response was slightly positive +Source70: clustercheck.sh +Source71: LICENSE.clustercheck + +# Upstream said: "Generally MariaDB has more allows to allow for xtradb sst mechanism". +# https://jira.mariadb.org/browse/MDEV-12646 +Source72: mariadb-server-galera.te + +# Script to support encrypted rsync transfers when SST is required between nodes. +# https://github.com/dciabrin/wsrep_sst_rsync_tunnel/blob/master/wsrep_sst_rsync_tunnel +Source73: wsrep_sst_rsync_tunnel + +# Patch4: Red Hat distributions specific logrotate fix +# it would be big unexpected change, if we start shipping it now. Better wait for MariaDB 10.2 +Patch4: %{pkgnamepatch}-logrotate.patch +# Patch7: add to the CMake file all files where we want macros to be expanded +Patch7: %{pkgnamepatch}-scripts.patch +# Patch9: pre-configure to comply with guidelines +Patch9: %{pkgnamepatch}-ownsetup.patch +# Patch10: Fix cipher name in the SSL Cipher name test +Patch10: %{pkgnamepatch}-ssl-cipher-tests.patch +# Patch11: Use PCDIR CMake option, if configured +Patch11: %{pkgnamepatch}-pcdir.patch +# Patch12: OpenSSL 3 patch +# Picked from the upstream developement branch for MariaDB 10.8. +# https://jira.mariadb.org/browse/MDEV-25785 +Patch12: %{pkgnamepatch}-openssl3.patch +# Patch15: Add option to edit groonga's and groonga-normalizer-mysql install path +Patch15: %{pkgnamepatch}-groonga.patch +# Patch16: Fix MD5 in FIPS mode +Patch16: %{pkgnamepatch}-fips.patch + +BuildRequires: make +BuildRequires: cmake gcc-c++ +BuildRequires: multilib-rpm-config +BuildRequires: selinux-policy-devel +BuildRequires: systemd systemd-devel + +# Page compression algorithms for InnoDB & XtraDB +BuildRequires: zlib-devel +%{?with_lz4:BuildRequires: lz4-devel} + +# asynchornous operations stuff; needed also for wsrep API +BuildRequires: libaio-devel +# commands history features +BuildRequires: libedit-devel +# CLI graphic; needed also for wsrep API +BuildRequires: ncurses-devel +# debugging stuff +BuildRequires: systemtap-sdt-devel +# Bison SQL parser; needed also for wsrep API +BuildRequires: bison bison-devel + +%{?with_debug:BuildRequires: valgrind-devel} + +# use either new enough version of pcre2 or provide bundles(pcre2) +%{?with_unbundled_pcre:BuildRequires: pcre2-devel >= 10.34 pkgconf} +%{!?with_unbundled_pcre:Provides: bundled(pcre2) = %{pcre_bundled_version}} +# Few utilities needs Perl +%if 0%{?fedora} || 0%{?rhel} > 7 +BuildRequires: perl-interpreter +BuildRequires: perl-generators +%endif +# Some tests requires python +BuildRequires: python3 +# Tests requires time and ps and some perl modules +BuildRequires: procps +BuildRequires: time +BuildRequires: perl(base) +BuildRequires: perl(Cwd) +BuildRequires: perl(Data::Dumper) +BuildRequires: perl(English) +BuildRequires: perl(Env) +BuildRequires: perl(Errno) +BuildRequires: perl(Exporter) +BuildRequires: perl(Fcntl) +BuildRequires: perl(File::Basename) +BuildRequires: perl(File::Copy) +BuildRequires: perl(File::Find) +BuildRequires: perl(File::Spec) +BuildRequires: perl(File::Spec::Functions) +BuildRequires: perl(File::Temp) +BuildRequires: perl(Getopt::Long) +BuildRequires: perl(IO::File) +BuildRequires: perl(IO::Handle) +BuildRequires: perl(IO::Select) +BuildRequires: perl(IO::Socket) +BuildRequires: perl(IO::Socket::INET) +BuildRequires: perl(IPC::Open3) +BuildRequires: perl(lib) +BuildRequires: perl(Memoize) +BuildRequires: perl(POSIX) +BuildRequires: perl(Socket) +BuildRequires: perl(strict) +BuildRequires: perl(Symbol) +BuildRequires: perl(Sys::Hostname) +BuildRequires: perl(Term::ANSIColor) +BuildRequires: perl(Test::More) +BuildRequires: perl(Time::HiRes) +BuildRequires: perl(Time::localtime) +BuildRequires: perl(warnings) +# for running some openssl tests rhbz#1189180 +BuildRequires: openssl openssl-devel + +%if %{with debug} +BuildRequires: valgrind-devel +%endif + +Requires: bash coreutils grep + +Requires: %{name}-common%{?_isa} = %{sameevr} + +%if %{with clibrary} +# Explicit EVR requirement for -libs is needed for RHBZ#1406320 +Requires: %{name}-libs%{?_isa} = %{sameevr} +%else +# If not built with client library in this package, use connector-c +Requires: mariadb-connector-c >= 3.0 +%endif + +%if %{with mysql_names} +Provides: mysql = %{sameevr} +Provides: mysql%{?_isa} = %{sameevr} +Provides: mysql-compat-client = %{sameevr} +Provides: mysql-compat-client%{?_isa} = %{sameevr} +%endif + +Suggests: %{name}-server%{?_isa} = %{sameevr} + +Conflicts: %{?fedora:community-}mysql + +# Filtering: https://docs.fedoraproject.org/en-US/packaging-guidelines/AutoProvidesAndRequiresFiltering/ +%global __requires_exclude ^perl\\((hostnames|lib::mtr|lib::v1|mtr_|My::|wsrep) +%global __provides_exclude_from ^(%{_datadir}/(mysql|mysql-test)/.*|%{_libdir}/%{pkg_name}/plugin/.*\\.so)$ + +# Define license macro if not present +%{!?_licensedir:%global license %doc} + +%description +MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded +SQL database server. It is a client/server implementation consisting of +a server daemon (mariadbd) and many different client programs and libraries. +The base package contains the standard MariaDB/MySQL client programs and +utilities. + + +%if %{with clibrary} +%package libs +Summary: The shared libraries required for MariaDB/MySQL clients +Requires: %{name}-common%{?_isa} = %{sameevr} +%if %{with mysql_names} +Provides: mysql-libs = %{sameevr} +Provides: mysql-libs%{?_isa} = %{sameevr} +%endif + +%description libs +The mariadb-libs package provides the essential shared libraries for any +MariaDB/MySQL client program or interface. You will need to install this +package to use any other MariaDB package or any clients that need to connect +to a MariaDB/MySQL server. +%endif + + +# At least main config file /etc/my.cnf is shared for client and server part +# Since we want to support combination of different client and server +# implementations (e.g. mariadb library and community-mysql server), +# we need the config file(s) to be in a separate package, so no extra packages +# are pulled, because these would likely conflict. +# More specifically, the dependency on the main configuration file (/etc/my.cnf) +# is supposed to be defined as Requires: /etc/my.cnf rather than requiring +# a specific package, so installer app can choose whatever package fits to +# the transaction. +%if %{with config} +%package config +Summary: The config files required by server and client + +%description config +The package provides the config file my.cnf and my.cnf.d directory used by any +MariaDB or MySQL program. You will need to install this package to use any +other MariaDB or MySQL package if the config files are not provided in the +package itself. +%endif + + +%if %{with common} +%package common +Summary: The shared files required by server and client +Requires: %{_sysconfdir}/my.cnf + + +%if %{without clibrary} +Obsoletes: %{name}-libs <= %{sameevr} +%endif + +%description common +The package provides the essential shared files for any MariaDB program. +You will need to install this package to use any other MariaDB package. +%endif + + +%if %{with errmsg} +%package errmsg +Summary: The error messages files required by server and embedded +Requires: %{name}-common%{?_isa} = %{sameevr} + +%description errmsg +The package provides error messages files for the MariaDB daemon and the +embedded server. You will need to install this package to use any of those +MariaDB packages. +%endif + + +%if %{with galera} +%package server-galera +Summary: The configuration files and scripts for galera replication +Requires: %{name}-common%{?_isa} = %{sameevr} +Requires: %{name}-server%{?_isa} = %{sameevr} +Requires: galera >= 26.4.3 +Requires(post): libselinux-utils +Requires(post): policycoreutils-python-utils +# wsrep requirements +Requires: lsof +# Default wsrep_sst_method +Requires: rsync + +%description server-galera +MariaDB is a multi-user, multi-threaded SQL database server. It is a +client/server implementation consisting of a server daemon (mariadbd) +and many different client programs and libraries. This package contains +added files to allow MariaDB server to operate as a Galera cluster +member. MariaDB is a community developed fork originally from MySQL. +%endif + + +%package server +Summary: The MariaDB server and related files + +# note: no version here = %%{version}-%%{release} +%if %{with mysql_names} +Requires: mysql-compat-client%{?_isa} +Requires: mysql%{?_isa} +Recommends: %{name}%{?_isa} +%else +Requires: %{name}%{?_isa} +%endif +Requires: %{name}-common%{?_isa} = %{sameevr} +Requires: %{name}-errmsg%{?_isa} = %{sameevr} +Recommends: %{name}-server-utils%{?_isa} = %{sameevr} +Recommends: %{name}-backup%{?_isa} = %{sameevr} +%{?with_cracklib:Recommends: %{name}-cracklib-password-check%{?_isa} = %{sameevr}} +%{?with_gssapi:Recommends: %{name}-gssapi-server%{?_isa} = %{sameevr}} +%{?with_rocksdb:Suggests: %{name}-rocksdb-engine%{?_isa} = %{sameevr}} +%{?with_sphinx:Suggests: %{name}-sphinx-engine%{?_isa} = %{sameevr}} +%{?with_oqgraph:Suggests: %{name}-oqgraph-engine%{?_isa} = %{sameevr}} +%{?with_connect:Suggests: %{name}-connect-engine%{?_isa} = %{sameevr}} +%{?with_pam:Suggests: %{name}-pam%{?_isa} = %{sameevr}} + +Suggests: mytop +Suggests: logrotate + +Requires: %{_sysconfdir}/my.cnf +Requires: %{_sysconfdir}/my.cnf.d + +# Additional SELinux rules (common for MariaDB & MySQL) shipped in a separate package +# For cases, where we want to fix a SELinux issues in MariaDB sooner than patched selinux-policy-targeted package is released +%if %require_mysql_selinux +Requires: (mysql-selinux if selinux-policy-targeted) +%endif + +# for fuser in mysql-check-socket +Requires: psmisc + +Requires: coreutils +Requires(pre): /usr/sbin/useradd +# We require this to be present for %%{_tmpfilesdir} +Requires: systemd +# Make sure it's there when scriptlets run, too +%{?systemd_requires} +# RHBZ#1496131; use 'iproute' instead of 'net-tools' +Requires: iproute +%if %{with mysql_names} +Provides: mysql-server = %{sameevr} +Provides: mysql-server%{?_isa} = %{sameevr} +Provides: mysql-compat-server = %{sameevr} +Provides: mysql-compat-server%{?_isa} = %{sameevr} +%endif +Conflicts: %{?fedora:community-}mysql-server + +# Bench subpackage has been deprecated in F32 +Obsoletes: %{name}-bench <= %{sameevr} + +Obsoletes: %{name}-tokudb-engine <= %{sameevr} + +%description server +MariaDB is a multi-user, multi-threaded SQL database server. It is a +client/server implementation consisting of a server daemon (mariadbd) +and many different client programs and libraries. This package contains +the MariaDB server and some accompanying files and directories. +MariaDB is a community developed fork from MySQL. + + +%if %{with oqgraph} +%package oqgraph-engine +Summary: The Open Query GRAPH engine for MariaDB +Requires: %{name}-server%{?_isa} = %{sameevr} +# boost and Judy required for oograph +BuildRequires: boost-devel Judy-devel + +%description oqgraph-engine +The package provides Open Query GRAPH engine (OQGRAPH) as plugin for MariaDB +database server. OQGRAPH is a computation engine allowing hierarchies and more +complex graph structures to be handled in a relational fashion. In a nutshell, +tree structures and friend-of-a-friend style searches can now be done using +standard SQL syntax, and results joined onto other tables. +%endif + + +%if %{with connect} +%package connect-engine +Summary: The CONNECT storage engine for MariaDB +Requires: %{name}-server%{?_isa} = %{sameevr} + +# As per https://jira.mariadb.org/browse/MDEV-21450 +BuildRequires: libxml2-devel + +%description connect-engine +The CONNECT storage engine enables MariaDB to access external local or +remote data (MED). This is done by defining tables based on different data +types, in particular files in various formats, data extracted from other DBMS +or products (such as Excel), or data retrieved from the environment +(for example DIR, WMI, and MAC tables). +%endif + + +%if %{with backup} +%package backup +Summary: The mariabackup tool for physical online backups +Requires: %{name}-server%{?_isa} = %{sameevr} +BuildRequires: libarchive-devel + +%description backup +MariaDB Backup is an open source tool provided by MariaDB for performing +physical online backups of InnoDB, Aria and MyISAM tables. +For InnoDB, "hot online" backups are possible. +%endif + + +%if %{with rocksdb} +%package rocksdb-engine +Summary: The RocksDB storage engine for MariaDB +Requires: %{name}-server%{?_isa} = %{sameevr} +Provides: bundled(rocksdb) + +%description rocksdb-engine +The RocksDB storage engine is used for high performance servers on SSD drives. +%endif + + +%if %{with cracklib} +%package cracklib-password-check +Summary: The password strength checking plugin +Requires: %{name}-server%{?_isa} = %{sameevr} +BuildRequires: cracklib-dicts cracklib-devel +Requires: cracklib-dicts + +%description cracklib-password-check +CrackLib is a password strength checking library. It is installed by default +in many Linux distributions and is invoked automatically (by pam_cracklib.so) +whenever the user login password is modified. +Now, with the cracklib_password_check password validation plugin, one can +also use it to check MariaDB account passwords. +%endif + + +%if %{with gssapi} +%package gssapi-server +Summary: GSSAPI authentication plugin for server +Requires: %{name}-server%{?_isa} = %{sameevr} +BuildRequires: krb5-devel + +%description gssapi-server +GSSAPI authentication server-side plugin for MariaDB for passwordless login. +This plugin includes support for Kerberos on Unix. +%endif + + +%if %{with pam} +%package pam +Summary: PAM authentication plugin for the MariaDB server + +Requires: %{name}-server%{?_isa} = %{sameevr} +# This subpackage NEED the 'mysql' user/group (created during mariadb-server %%pre) to be available prior installation +Requires(pre): %{name}-server%{?_isa} = %{sameevr} + +BuildRequires: pam-devel + +%description pam +PAM authentication server-side plugin for MariaDB. +%endif + + +%if %{with sphinx} +%package sphinx-engine +Summary: The Sphinx storage engine for MariaDB +Requires: %{name}-server%{?_isa} = %{sameevr} +BuildRequires: sphinx libsphinxclient libsphinxclient-devel +Requires: sphinx libsphinxclient + +%description sphinx-engine +The Sphinx storage engine for MariaDB. +%endif + + +%if %{with s3} +%package s3-engine +Summary: The S3 storage engine for MariaDB +Requires: %{name}-server%{?_isa} = %{sameevr} + +BuildRequires: curl-devel + +%description s3-engine +The S3 read only storage engine allows archiving MariaDB tables in Amazon S3, +or any third-party public or private cloud that implements S3 API, +but still have them accessible for reading in MariaDB. +%endif + + +%package server-utils +Summary: Non-essential server utilities for MariaDB/MySQL applications +Requires: %{name}-server%{?_isa} = %{sameevr} +%if %{with mysql_names} +Provides: mysql-perl = %{sameevr} +%endif +Conflicts: %{?fedora:community-}mysql-server +# mysqlhotcopy needs DBI/DBD support +Requires: perl(DBI) perl(DBD::MariaDB) + +%description server-utils +This package contains all non-essential server utilities and scripts for +managing databases. It also contains all utilities requiring Perl and it is +the only MariaDB sub-package, except test subpackage, that depends on Perl. + + +%if %{with devel} +%package devel +Summary: Files for development of MariaDB/MySQL applications +%{?with_clibrary:Requires: %{name}-libs%{?_isa} = %{sameevr}} +Requires: openssl-devel +%if %{without clibrary} +Requires: mariadb-connector-c-devel >= 3.0 +%endif +%if %{with mysql_names} +Provides: mysql-devel = %{sameevr} +Provides: mysql-devel%{?_isa} = %{sameevr} +%endif +Conflicts: %{?fedora:community-}mysql-devel + +%description devel +MariaDB is a multi-user, multi-threaded SQL database server. +MariaDB is a community developed branch of MySQL. +%if %{with clibrary} +This package contains everything needed for developing MariaDB/MySQL client +and server plugins and applications. +%else +This package contains everything needed for developing MariaDB/MySQL server +plugins and applications. For developing client applications, use +mariadb-connector-c package. +%endif +%endif + + +%if %{with embedded} +%package embedded +Summary: MariaDB as an embeddable library +Requires: %{name}-common%{?_isa} = %{sameevr} +Requires: %{name}-errmsg%{?_isa} = %{sameevr} +%if %{with mysql_names} +Provides: mysql-embedded = %{sameevr} +Provides: mysql-embedded%{?_isa} = %{sameevr} +%endif + +%description embedded +MariaDB is a multi-user, multi-threaded SQL database server. This +package contains a version of the MariaDB server that can be embedded +into a client application instead of running as a separate process. +MariaDB is a community developed fork from MySQL. + + +%package embedded-devel +Summary: Development files for MariaDB as an embeddable library +Requires: %{name}-embedded%{?_isa} = %{sameevr} +Requires: %{name}-devel%{?_isa} = %{sameevr} +# embedded-devel should require libaio-devel (rhbz#1290517) +Requires: libaio-devel +%if %{with mysql_names} +Provides: mysql-embedded-devel = %{sameevr} +Provides: mysql-embedded-devel%{?_isa} = %{sameevr} +%endif +Conflicts: %{?fedora:community-}mysql-embedded-devel + +%description embedded-devel +MariaDB is a multi-user, multi-threaded SQL database server. +MariaDB is a community developed fork from MySQL. +This package contains files needed for developing and testing with +the embedded version of the MariaDB server. +%endif + + +%if %{with test} +%package test +Summary: The test suite distributed with MariaDB +Requires: %{name}%{?_isa} = %{sameevr} +Requires: %{name}-common%{?_isa} = %{sameevr} +Requires: %{name}-server%{?_isa} = %{sameevr} +Requires: patch +Requires: perl(Env) +Requires: perl(Exporter) +Requires: perl(Fcntl) +Requires: perl(File::Temp) +Requires: perl(Data::Dumper) +Requires: perl(Getopt::Long) +Requires: perl(IPC::Open3) +Requires: perl(Socket) +Requires: perl(Sys::Hostname) +Requires: perl(Test::More) +Requires: perl(Time::HiRes) +Conflicts: %{?fedora:community-}mysql-test +%if %{with mysql_names} +Provides: mysql-test = %{sameevr} +Provides: mysql-test%{?_isa} = %{sameevr} +%endif + +%description test +MariaDB is a multi-user, multi-threaded SQL database server. +MariaDB is a community developed fork from MySQL. +This package contains the regression test suite distributed with the MariaDB +sources. +%endif + + +%prep +%setup -q -n mariadb-%{version}-downstream_modified + +# Remove JAR files that upstream puts into tarball +find . -name "*.jar" -type f -exec rm --verbose -f {} \; +# Remove testsuite for the mariadb-connector-c +rm -rf libmariadb/unittest +%if %{without rocksdb} +rm -r storage/rocksdb/ +%endif + + + +%patch4 -p1 +%patch7 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9 +%patch12 -p1 +%endif +%patch15 -p1 +%patch16 -p1 + +# generate a list of tests that fail, but are not disabled by upstream +cat %{SOURCE50} | tee -a mysql-test/unstable-tests + +# disable some tests failing on different architectures +%ifarch %{arm} aarch64 +cat %{SOURCE51} | tee -a mysql-test/unstable-tests +%endif + +%ifarch s390 s390x +cat %{SOURCE52} | tee -a mysql-test/unstable-tests +%endif + +%ifarch ppc ppc64 ppc64p7 ppc64le +cat %{SOURCE53} | tee -a mysql-test/unstable-tests +%endif + +cp %{SOURCE2} %{SOURCE3} %{SOURCE10} %{SOURCE11} %{SOURCE12} \ + %{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE18} %{SOURCE70} %{SOURCE73} scripts + +%if %{with galera} +# prepare selinux policy +mkdir selinux +sed 's/mariadb-server-galera/%{name}-server-galera/' %{SOURCE72} > selinux/%{name}-server-galera.te +%endif + + +# Get version of PCRE, that upstream use +pcre_version=`grep -e "ftp.pcre.org/pub/pcre/pcre2" cmake/pcre.cmake | sed -r "s;[^0123456789]*2-([[:digit:]]+\.[[:digit:]]+)\.[^0123456789]*;\1;"` + +# Check if the PCRE version in macro 'pcre_bundled_version', used in Provides: bundled(...), is the same version as upstream actually bundles +%if %{without unbundled_pcre} +if [ %{pcre_bundled_version} != "$pcre_version" ] ; then + echo -e "\n Error: Bundled PCRE version is not correct. \n\tBundled version number:%{pcre_bundled_version} \n\tUpstream version number: $pcre_version\n" + exit 1 +fi +%else +# Check if the PCRE version that upstream use, is the same as the one present in system +pcre_system_version=`pkgconf %{_libdir}/pkgconfig/libpcre2-*.pc --modversion 2>/dev/null | head -n 1` + +if [ "$pcre_system_version" != "$pcre_version" ] ; then + echo -e "\n Warning: Error: Bundled PCRE version is not correct. \n\tSystem version number:$pcre_system_version \n\tUpstream version number: $pcre_version\n" +fi +%endif + + + +%build +# fail quickly and obviously if user tries to build as root +%if %runselftest + if [ x"$(id -u)" = "x0" ]; then + echo "mysql's regression tests fail if run as root." + echo "If you really need to build the RPM as root, use" + echo "--nocheck to skip the regression tests." + exit 1 + fi +%endif + +# The INSTALL_xxx macros have to be specified relative to CMAKE_INSTALL_PREFIX +# so we can't use %%{_datadir} and so forth here. +%cmake . \ + -DBUILD_CONFIG=mysql_release \ + -DFEATURE_SET="community" \ + -DINSTALL_LAYOUT=RPM \ + -DDAEMON_NAME="%{daemon_name}" \ + -DDAEMON_NO_PREFIX="%{daemon_no_prefix}" \ + -DLOG_LOCATION="%{logfile}" \ + -DPID_FILE_DIR="%{pidfiledir}" \ + -DNICE_PROJECT_NAME="MariaDB" \ + -DRPM="%{?rhel:rhel%{rhel}}%{!?rhel:fedora%{fedora}}" \ + -DCMAKE_INSTALL_PREFIX="%{_prefix}" \ + -DINSTALL_SYSCONFDIR="%{_sysconfdir}" \ + -DINSTALL_SYSCONF2DIR="%{_sysconfdir}/my.cnf.d" \ + -DINSTALL_DOCDIR="share/doc/%{_pkgdocdirname}" \ + -DINSTALL_DOCREADMEDIR="share/doc/%{_pkgdocdirname}" \ + -DINSTALL_INCLUDEDIR=include/mysql \ + -DINSTALL_INFODIR=share/info \ + -DINSTALL_LIBDIR="%{_lib}" \ + -DINSTALL_MANDIR=share/man \ + -DINSTALL_MYSQLSHAREDIR=share/%{pkg_name} \ + -DINSTALL_MYSQLTESTDIR=%{?with_test:share/mysql-test}%{!?with_test:} \ + -DINSTALL_PLUGINDIR="%{_lib}/%{pkg_name}/plugin" \ + -DINSTALL_SBINDIR=libexec \ + -DINSTALL_SCRIPTDIR=bin \ + -DINSTALL_SUPPORTFILESDIR=share/%{pkg_name} \ + -DINSTALL_PCDIR=%{_lib}/pkgconfig \ + -DMYSQL_DATADIR="%{dbdatadir}" \ + -DMYSQL_UNIX_ADDR="/var/lib/mysql/mysql.sock" \ + -DTMPDIR=/var/tmp \ + -DGRN_DATA_DIR=share/%{name}-server/groonga \ + -DGROONGA_NORMALIZER_MYSQL_PROJECT_NAME=%{name}-server/groonga-normalizer-mysql \ + -DENABLED_LOCAL_INFILE=ON \ + -DENABLE_DTRACE=ON \ + -DSECURITY_HARDENED=OFF \ + -DWITH_WSREP=%{?with_galera:ON}%{!?with_galera:OFF} \ + -DWITH_INNODB_DISALLOW_WRITES=%{?with_galera:ON}%{!?with_galera:OFF} \ + -DWITH_EMBEDDED_SERVER=%{?with_embedded:ON}%{!?with_embedded:OFF} \ + -DWITH_MARIABACKUP=%{?with_backup:ON}%{!?with_backup:NO} \ + -DWITH_UNIT_TESTS=%{?with_test:ON}%{!?with_test:NO} \ + -DCONC_WITH_SSL=%{?with_clibrary:ON}%{!?with_clibrary:NO} \ + -DWITH_SSL=system \ + -DWITH_ZLIB=system \ + -DLZ4_LIBS=%{_libdir}/liblz4.so \ + -DLZ4_LIBS=%{?with_lz4:%{_libdir}/liblz4.so}%{!?with_lz4:} \ + -DWITH_INNODB_LZ4=%{?with_lz4:ON}%{!?with_lz4:OFF} \ + -DWITH_ROCKSDB_LZ4=%{?with_lz4:ON}%{!?with_lz4:OFF} \ + -DPLUGIN_MROONGA=%{?with_mroonga:DYNAMIC}%{!?with_mroonga:NO} \ + -DPLUGIN_OQGRAPH=%{?with_oqgraph:DYNAMIC}%{!?with_oqgraph:NO} \ + -DPLUGIN_CRACKLIB_PASSWORD_CHECK=%{?with_cracklib:DYNAMIC}%{!?with_cracklib:NO} \ + -DPLUGIN_ROCKSDB=%{?with_rocksdb:DYNAMIC}%{!?with_rocksdb:NO} \ + -DPLUGIN_SPHINX=%{?with_sphinx:DYNAMIC}%{!?with_sphinx:NO} \ + -DPLUGIN_CONNECT=%{?with_connect:DYNAMIC}%{!?with_connect:NO} \ + -DPLUGIN_S3=%{?with_s3:DYNAMIC}%{!?with_s3:NO} \ + -DPLUGIN_COLUMNSTORE=NO \ + -DPLUGIN_CLIENT_ED25519=OFF \ + -DPYTHON_SHEBANG=%{python_path} \ + -DPLUGIN_CACHING_SHA2_PASSWORD=%{?with_clibrary:DYNAMIC}%{!?with_clibrary:OFF} \ + -DPLUGIN_AWS_KEY_MANAGEMENT=NO \ + -DCONNECT_WITH_MONGO=OFF \ + -DCONNECT_WITH_JDBC=OFF \ +%{?with_debug: -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=OFF -DWITH_INNODB_EXTRA_DEBUG=ON -DWITH_VALGRIND=ON} + +# The -DSECURITY_HARDENED is used to force a set of compilation flags for hardening +# The issue is that the MariaDB upstream level of hardening is lower than expected by Red Hat +# We disable this option to the default compilation flags (which have higher level of hardening) will be used + + +CFLAGS="$CFLAGS -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE" +# force PIC mode so that we can build libmysqld.so +CFLAGS="$CFLAGS -fPIC" + +%if %{with debug} +# Override all optimization flags when making a debug build +# -D_FORTIFY_SOURCE requires optimizations enabled. Disable the fortify. +CFLAGS=`echo "$CFLAGS" | sed -r 's/-D_FORTIFY_SOURCE=[012]/-D_FORTIFY_SOURCE=0/'` +CFLAGS=`echo "$CFLAGS" | sed -r 's/-O[0123]//'` + +CFLAGS="$CFLAGS -O0 -g -D_FORTIFY_SOURCE=0" + +# Fixes for Fedora 32 & Rawhide (GCC 10.0): +%if 0%{?fedora} >= 32 +CFLAGS="$CFLAGS -Wno-error=class-memaccess" +CFLAGS="$CFLAGS -Wno-error=enum-conversion" +%endif # f32 +%endif # debug + +CXXFLAGS="$CFLAGS" +CPPFLAGS="$CFLAGS" +export CFLAGS CXXFLAGS CPPFLAGS + + +# Print all Cmake options values; "-LAH" means "List Advanced Help" +cmake -B %{_vpath_builddir} -LAH + +%cmake_build + +# build selinux policy +%if %{with galera} +pushd selinux +make -f /usr/share/selinux/devel/Makefile %{name}-server-galera.pp +%endif + + + +%install +%cmake_install + +# multilib header support #1625157 +for header in mysql/server/my_config.h mysql/server/private/config.h; do +%multilib_fix_c_header --file %{_includedir}/$header +done + +ln -s mysql_config.1.gz %{buildroot}%{_mandir}/man1/mariadb_config.1.gz + +# multilib support for shell scripts +# we only apply this to known Red Hat multilib arches, per bug #181335 +if [ %multilib_capable ] +then +mv %{buildroot}%{_bindir}/mysql_config %{buildroot}%{_bindir}/mysql_config-%{__isa_bits} +install -p -m 0755 %{_vpath_builddir}/scripts/mysql_config_multilib %{buildroot}%{_bindir}/mysql_config +# Copy manual page for multilib mysql_config; https://jira.mariadb.org/browse/MDEV-11961 +ln -s mysql_config.1 %{buildroot}%{_mandir}/man1/mysql_config-%{__isa_bits}.1 +fi + +%if %{without clibrary} +# Client part should be included in package 'mariadb-connector-c' +rm %{buildroot}%{_libdir}/pkgconfig/libmariadb.pc +%endif + +# install INFO_SRC, INFO_BIN into libdir (upstream thinks these are doc files, +# but that's pretty wacko --- see also %%{name}-file-contents.patch) +install -p -m 644 %{_vpath_builddir}/Docs/INFO_SRC %{buildroot}%{_libdir}/%{pkg_name}/ +install -p -m 644 %{_vpath_builddir}/Docs/INFO_BIN %{buildroot}%{_libdir}/%{pkg_name}/ +rm -r %{buildroot}%{_datadir}/doc/%{_pkgdocdirname}/MariaDB-server-%{version}/ + +# Logfile creation +mkdir -p %{buildroot}%{logfiledir} +chmod 0750 %{buildroot}%{logfiledir} +touch %{buildroot}%{logfile} + +# current setting in my.cnf is to use /var/run/mariadb for creating pid file, +# however since my.cnf is not updated by RPM if changed, we need to create mysqld +# as well because users can have odd settings in their /etc/my.cnf +mkdir -p %{buildroot}%{pidfiledir} +install -p -m 0755 -d %{buildroot}%{dbdatadir} + +%if %{with config} +install -D -p -m 0644 %{_vpath_builddir}/scripts/my.cnf %{buildroot}%{_sysconfdir}/my.cnf +%else +rm %{_vpath_builddir}/scripts/my.cnf +%endif + +# use different config file name for each variant of server (mariadb / mysql) +mv %{buildroot}%{_sysconfdir}/my.cnf.d/server.cnf %{buildroot}%{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf + +# Remove upstream SysV init script and a symlink to that, we use systemd +rm %{buildroot}%{_libexecdir}/rcmysql +# Remove upstream Systemd service files +rm -r %{buildroot}%{_datadir}/%{pkg_name}/systemd +# Our downstream Systemd service file have set aliases to the "mysql" names in the [Install] section. +# They can be enabled / disabled by "systemctl enable / diable " +rm %{buildroot}%{_unitdir}/{mysql,mysqld}.service + +# install systemd unit files and scripts for handling server startup +install -D -p -m 644 %{_vpath_builddir}/scripts/mysql.service %{buildroot}%{_unitdir}/%{daemon_name}.service +install -D -p -m 644 %{_vpath_builddir}/scripts/mysql@.service %{buildroot}%{_unitdir}/%{daemon_name}@.service + +# helper scripts for service starting +install -p -m 755 %{_vpath_builddir}/scripts/mariadb-prepare-db-dir %{buildroot}%{_libexecdir}/mariadb-prepare-db-dir +install -p -m 755 %{_vpath_builddir}/scripts/mariadb-check-socket %{buildroot}%{_libexecdir}/mariadb-check-socket +install -p -m 755 %{_vpath_builddir}/scripts/mariadb-check-upgrade %{buildroot}%{_libexecdir}/mariadb-check-upgrade +install -p -m 644 %{_vpath_builddir}/scripts/mariadb-scripts-common %{buildroot}%{_libexecdir}/mariadb-scripts-common + +# Install downstream version of tmpfiles +install -D -p -m 0644 %{_vpath_builddir}/scripts/mariadb.tmpfiles.d %{buildroot}%{_tmpfilesdir}/%{name}.conf +%if 0%{?mysqld_pid_dir:1} +echo "d %{pidfiledir} 0755 mysql mysql -" >>%{buildroot}%{_tmpfilesdir}/%{name}.conf +%endif + +# install additional galera selinux policy +%if %{with galera} +install -p -m 644 -D selinux/%{name}-server-galera.pp %{buildroot}%{_datadir}/selinux/packages/%{name}/%{name}-server-galera.pp +%endif + +%if %{with test} +# mysql-test includes one executable that doesn't belong under /usr/share, so move it and provide a symlink +mv %{buildroot}%{_datadir}/mysql-test/lib/My/SafeProcess/my_safe_process %{buildroot}%{_bindir} +ln -s ../../../../../bin/my_safe_process %{buildroot}%{_datadir}/mysql-test/lib/My/SafeProcess/my_safe_process +# Provide symlink expected by RH QA tests +ln -s unstable-tests %{buildroot}%{_datadir}/mysql-test/rh-skipped-tests.list +%endif + + +# Client that uses libmysqld embedded server. +# Pretty much like normal mysql command line client, but it doesn't require a running mariadb server. +%{?with_embedded:rm %{buildroot}%{_bindir}/{mariadb-,mysql_}embedded} +rm %{buildroot}%{_mandir}/man1/{mysql_,mariadb-}embedded.1* +# Static libraries +rm %{buildroot}%{_libdir}/*.a +# This script creates the MySQL system tables and starts the server. +# Upstream says: +# It looks like it's just "mysql_install_db && mysqld_safe" +# I've never heard of anyone using it, I'd say, no need to pack it. +rm %{buildroot}%{_datadir}/%{pkg_name}/binary-configure +# FS files first-bytes recoginiton +# Not updated by upstream since nobody realy use that +rm %{buildroot}%{_datadir}/%{pkg_name}/magic + +# Upstream ships them because of, https://jira.mariadb.org/browse/MDEV-10797 +# In Fedora we use our own systemd unit files and scripts +rm %{buildroot}%{_datadir}/%{pkg_name}/mysql.server +rm %{buildroot}%{_datadir}/%{pkg_name}/mysqld_multi.server + +# Binary for monitoring MySQL performance +# Shipped as a standalone package in Fedora +rm %{buildroot}%{_bindir}/mytop +rm %{buildroot}%{_mandir}/man1/mytop.1* + +# Should be shipped with mariadb-connector-c +rm %{buildroot}%{_mandir}/man1/mariadb_config.1* + +# put logrotate script where it needs to be +mkdir -p %{buildroot}%{logrotateddir} +mv %{buildroot}%{_datadir}/%{pkg_name}/mysql-log-rotate %{buildroot}%{logrotateddir}/%{daemon_name} +chmod 644 %{buildroot}%{logrotateddir}/%{daemon_name} + +# for compatibility with upstream RPMs, create mysqld symlink in sbin +mkdir -p %{buildroot}%{_sbindir} +ln -s %{_libexecdir}/mysqld %{buildroot}%{_sbindir}/mysqld +ln -s %{_libexecdir}/mariadbd %{buildroot}%{_sbindir}/mariadbd + +# copy additional docs into build tree so %%doc will find them +install -p -m 0644 %{SOURCE6} %{basename:%{SOURCE6}} +install -p -m 0644 %{SOURCE8} %{basename:%{SOURCE8}} +install -p -m 0644 %{SOURCE16} %{basename:%{SOURCE16}} +install -p -m 0644 %{SOURCE71} %{basename:%{SOURCE71}} + +# install galera config file +%if %{with galera} +sed -i -r 's|^wsrep_provider=none|wsrep_provider=%{_libdir}/galera/libgalera_smm.so|' %{_vpath_builddir}/support-files/wsrep.cnf +install -p -m 0644 %{_vpath_builddir}/support-files/wsrep.cnf %{buildroot}%{_sysconfdir}/my.cnf.d/galera.cnf +%endif +# install the clustercheck script +mkdir -p %{buildroot}%{_sysconfdir}/sysconfig +touch %{buildroot}%{_sysconfdir}/sysconfig/clustercheck +install -p -m 0755 %{_vpath_builddir}/scripts/clustercheck %{buildroot}%{_bindir}/clustercheck + +# remove duplicate logrotate script +rm %{buildroot}%{logrotateddir}/mysql +# Remove AppArmor files +rm -r %{buildroot}%{_datadir}/%{pkg_name}/policy/apparmor + +# Buildroot does not have symlink /lib64 --> /usr/lib64 +mv %{buildroot}/%{_lib}/security %{buildroot}%{_libdir} + +# Add wsrep_sst_rsync_tunnel script +install -p -m 0755 scripts/wsrep_sst_rsync_tunnel %{buildroot}%{_bindir}/wsrep_sst_rsync_tunnel + +# Disable plugins +%if %{with gssapi} +sed -i 's/^plugin-load-add/#plugin-load-add/' %{buildroot}%{_sysconfdir}/my.cnf.d/auth_gssapi.cnf +%endif +%if %{with cracklib} +sed -i 's/^plugin-load-add/#plugin-load-add/' %{buildroot}%{_sysconfdir}/my.cnf.d/cracklib_password_check.cnf +%endif + +# Fix Galera Replication config file +# The replication requires cluster address upon startup (which is end-user specific). +# Disable it entirely, rather than have it failing out-of-the-box. +%if %{with galera} +sed -i 's/^wsrep_on=1/wsrep_on=0/' %{buildroot}%{_sysconfdir}/my.cnf.d/galera.cnf +%endif + +%if %{without embedded} +rm %{buildroot}%{_mandir}/man1/{mysql_client_test_embedded,mysqltest_embedded}.1* +rm %{buildroot}%{_mandir}/man1/{mariadb-client-test-embedded,mariadb-test-embedded}.1* +%endif + + +%if %{without clibrary} +rm %{buildroot}%{_sysconfdir}/my.cnf.d/client.cnf +# Client library and links +rm %{buildroot}%{_libdir}/libmariadb.so.* +unlink %{buildroot}%{_libdir}/libmysqlclient.so +unlink %{buildroot}%{_libdir}/libmysqlclient_r.so +unlink %{buildroot}%{_libdir}/libmariadb.so +# Client plugins +rm %{buildroot}%{_libdir}/%{pkg_name}/plugin/{dialog.so,mysql_clear_password.so,sha256_password.so} +%if %{with gssapi} +rm %{buildroot}%{_libdir}/%{pkg_name}/plugin/auth_gssapi_client.so +%endif +%endif + +%if %{without clibrary} || %{without devel} +rm %{buildroot}%{_bindir}/mysql_config* +rm %{buildroot}%{_bindir}/mariadb_config +rm %{buildroot}%{_bindir}/mariadb-config +rm %{buildroot}%{_mandir}/man1/mysql_config*.1* +%endif + +%if %{without clibrary} && %{with devel} +# This files are already included in mariadb-connector-c +rm %{buildroot}%{_includedir}/mysql/mysql_version.h +rm %{buildroot}%{_includedir}/mysql/{errmsg.h,ma_list.h,ma_pvio.h,mariadb_com.h,\ +mariadb_ctype.h,mariadb_dyncol.h,mariadb_stmt.h,mariadb_version.h,ma_tls.h,mysqld_error.h,mysql.h,mariadb_rpl.h} +rm -r %{buildroot}%{_includedir}/mysql/{mariadb,mysql} +%endif + +%if %{without devel} +rm -r %{buildroot}%{_includedir}/mysql +rm %{buildroot}%{_datadir}/aclocal/mysql.m4 +rm %{buildroot}%{_libdir}/pkgconfig/mariadb.pc +%if %{with clibrary} +rm %{buildroot}%{_libdir}/libmariadb*.so +unlink %{buildroot}%{_libdir}/libmysqlclient.so +unlink %{buildroot}%{_libdir}/libmysqlclient_r.so +%endif +%endif + +%if %{without client} +rm %{buildroot}%{_bindir}/msql2mysql +rm %{buildroot}%{_bindir}/{mysql,mariadb} +rm %{buildroot}%{_bindir}/mysql{access,admin,binlog,check,dump,_find_rows,import,_plugin,show,slap,_waitpid} +rm %{buildroot}%{_bindir}/mariadb-{access,admin,binlog,check,dump,find-rows,import,plugin,show,slap,waitpid} + +rm %{buildroot}%{_mandir}/man1/msql2mysql.1* +rm %{buildroot}%{_mandir}/man1/{mysql,mariadb}.1* +rm %{buildroot}%{_mandir}/man1/mysql{access,admin,binlog,check,dump,_find_rows,import,_plugin,show,slap,_waitpid}.1* +rm %{buildroot}%{_mandir}/man1/mariadb-{access,admin,binlog,check,dump,find-rows,import,plugin,show,slap,waitpid}.1* +%endif + +%if %{without config} +rm %{buildroot}%{_sysconfdir}/my.cnf +%endif + +%if %{without common} +rm -r %{buildroot}%{_datadir}/%{pkg_name}/charsets +%endif + +%if %{without errmsg} +rm %{buildroot}%{_datadir}/%{pkg_name}/errmsg-utf8.txt +rm -r %{buildroot}%{_datadir}/%{pkg_name}/{english,czech,danish,dutch,estonian,\ +french,german,greek,hungarian,italian,japanese,korean,norwegian,norwegian-ny,\ +polish,portuguese,romanian,russian,serbian,slovak,spanish,swedish,ukrainian,hindi} +%endif + +%if %{without test} +%if %{with embedded} +rm %{buildroot}%{_bindir}/{mysql_client_test_embedded,mysqltest_embedded} +rm %{buildroot}%{_bindir}/{mariadb-client-test-embedded,mariadb-test-embedded} +rm %{buildroot}%{_mandir}/man1/{mysql_client_test_embedded,mysqltest_embedded}.1* +rm %{buildroot}%{_mandir}/man1/{mariadb-client-test-embedded,mariadb-test-embedded}.1* +%endif # embedded +rm %{buildroot}%{_bindir}/{mysql_client_test,mysqltest} +rm %{buildroot}%{_bindir}/{mariadb-client-test,mariadb-test} +rm %{buildroot}%{_mandir}/man1/{mysql_client_test,mysqltest,my_safe_process}.1* +rm %{buildroot}%{_mandir}/man1/{mariadb-client-test,mariadb-test}.1* +rm %{buildroot}%{_mandir}/man1/{mysql-test-run,mysql-stress-test}.pl.1* +rm %{buildroot}/suite/plugins/pam/mariadb_mtr +rm %{buildroot}/suite/plugins/pam/pam_mariadb_mtr.so +%endif + +%if %{without galera} +rm %{buildroot}%{_sysconfdir}/sysconfig/clustercheck +rm %{buildroot}%{_bindir}/{clustercheck,galera_new_cluster} +rm %{buildroot}%{_bindir}/galera_recovery +rm %{buildroot}%{_datadir}/%{pkg_name}/systemd/use_galera_new_cluster.conf +%endif + +%if %{without rocksdb} +rm %{buildroot}%{_mandir}/man1/{mysql_,mariadb-}ldb.1* +rm %{buildroot}%{_mandir}/man1/myrocks_hotbackup.1* +%endif + +%if %{without backup} +rm %{buildroot}%{_mandir}/man1/maria{,db-}backup.1* +rm %{buildroot}%{_mandir}/man1/mbstream.1* +%endif + +%if %{without s3} +rm %{buildroot}%{_mandir}/man1/aria_s3_copy.1* +%endif + +%check +%if %{with test} +%if %runselftest +# hack to let 32- and 64-bit tests run concurrently on same build machine +export MTR_PARALLEL=1 +# Builds might happen at the same host, avoid collision +# The port used is calculated as 20 * MTR_BUILD_THREAD + 10000 +# The resulting port must be between 5000 and 32767 +# This is the same as using option "--build-thread" for the "mysql-test-run.pl" +export MTR_BUILD_THREAD=$(( $(date +%s) % 1100 )) + +# The cmake build scripts don't provide any simple way to control the +# options for mysql-test-run, so ignore the make target and just call it +# manually. Nonstandard options chosen are: +# --force to continue tests after a failure +# no retries please +# test SSL with --ssl +# skip tests that are listed in rh-skipped-tests.list +# avoid redundant test runs with --binlog-format=mixed +# increase timeouts to prevent unwanted failures during mass rebuilds + +# Usefull arguments: +# --do-test=mysql_client_test_nonblock \ +# --skip-rpl +# --suite=roles +# --mem for running in the RAM; Not enough space in KOJI for this + +( + set -ex + cd %{buildroot}%{_datadir}/mysql-test + + export common_testsuite_arguments=" --parallel=auto --force --retry=2 --suite-timeout=900 --testcase-timeout=30 --mysqld=--binlog-format=mixed --force-restart --shutdown-timeout=60 --max-test-fail=5 " + + # If full testsuite has already been run on this version and we don't explicitly want the full testsuite to be run + if [[ "%{last_tested_version}" == "%{version}" ]] && [[ %{force_run_testsuite} -eq 0 ]] + then + # in further rebuilds only run the basic "main" suite (~800 tests) + echo -e "\n\nRunning just the base testsuite\n\n" + perl ./mysql-test-run.pl $common_testsuite_arguments --ssl --suite=main --mem --skip-test-list=unstable-tests + fi + + # If either this version wasn't marked as tested yet or I explicitly want to run the testsuite, run everything we have (~4000 test) + if [[ "%{last_tested_version}" != "%{version}" ]] || [[ %{force_run_testsuite} -ne 0 ]] + then + echo -e "\n\nRunning the advanced testsuite\n\n" + perl ./mysql-test-run.pl $common_testsuite_arguments --ssl --big-test --skip-test=spider \ + %if %{ignore_testsuite_result} + --max-test-fail=9999 || : + %else + --skip-test-list=unstable-tests + %endif + # Second run for the SPIDER suites that fail with SCA (ssl self signed certificate) + perl ./mysql-test-run.pl $common_testsuite_arguments --skip-ssl --big-test --mem --suite=spider,spider/bg,spider/bugfix,spider/handler \ + %if %{ignore_testsuite_result} + --max-test-fail=999 || : + %endif + # blank line + fi + + # There might be a dangling symlink left from the testing, remove it to not be installed + rm -rf ./var +) + +# NOTE: the Spider SE has 2 more hidden testsuites "oracle" and "oracle2". +# however, all of the tests fail with: "failed: 12521: Can't use wrapper 'oracle' for SQL connection" + +%endif +%endif + + + +%pre server +/usr/sbin/groupadd -g 27 -o -r mysql >/dev/null 2>&1 || : +/usr/sbin/useradd -M -N -g mysql -o -r -d %{mysqluserhome} -s /sbin/nologin \ + -c "MySQL Server" -u 27 mysql >/dev/null 2>&1 || : + +%if %{with galera} +%post server-galera +# Allow ports needed for the replication: +# https://mariadb.com/kb/en/library/configuring-mariadb-galera-cluster/#network-ports +# Galera Replication Port +semanage port -a -t mysqld_port_t -p tcp 4567 >/dev/null 2>&1 || : +semanage port -a -t mysqld_port_t -p udp 4567 >/dev/null 2>&1 || : +# IST Port +semanage port -a -t mysqld_port_t -p tcp 4568 >/dev/null 2>&1 || : +# SST Port +semanage port -a -t mysqld_port_t -p tcp 4444 >/dev/null 2>&1 || : + +semodule -i %{_datadir}/selinux/packages/%{name}/%{name}-server-galera.pp >/dev/null 2>&1 || : +%endif + +%post server +%systemd_post %{daemon_name}.service + +%preun server +%systemd_preun %{daemon_name}.service + +%if %{with galera} +%postun server-galera +if [ $1 -eq 0 ]; then + semodule -r %{name}-server-galera 2>/dev/null || : +fi +%endif + +%postun server +%systemd_postun_with_restart %{daemon_name}.service + + + +%if %{with client} +%files +%{_bindir}/msql2mysql +%{_bindir}/{mysql,mariadb} +%{_bindir}/mysql{access,admin,binlog,check,dump,_find_rows,import,_plugin,show,slap,_waitpid} +%{_bindir}/mariadb-{access,admin,binlog,check,dump,find-rows,import,plugin,show,slap,waitpid} + +%{_mandir}/man1/msql2mysql.1* +%{_mandir}/man1/{mysql,mariadb}.1* +%{_mandir}/man1/mysql{access,admin,binlog,check,dump,_find_rows,import,_plugin,show,slap,_waitpid}.1* +%{_mandir}/man1/mariadb-{access,admin,binlog,check,dump,find-rows,import,plugin,show,slap,waitpid}.1* + +%config(noreplace) %{_sysconfdir}/my.cnf.d/mysql-clients.cnf +%endif + +%if %{with clibrary} +%files libs +%exclude %{_libdir}/{libmysqlclient.so.18,libmariadb.so,libmysqlclient.so,libmysqlclient_r.so} +%{_libdir}/libmariadb.so* +%config(noreplace) %{_sysconfdir}/my.cnf.d/client.cnf +%endif + +%if %{with config} +%files config +# although the default my.cnf contains only server settings, we put it in the +# common package because it can be used for client settings too. +%dir %{_sysconfdir}/my.cnf.d +%config(noreplace) %{_sysconfdir}/my.cnf +%endif + +%if %{with common} +%files common +%doc %{_datadir}/doc/%{_pkgdocdirname} +%dir %{_datadir}/%{pkg_name} +%{_datadir}/%{pkg_name}/charsets +%if %{with clibrary} +%{_libdir}/%{pkg_name}/plugin/dialog.so +%{_libdir}/%{pkg_name}/plugin/mysql_clear_password.so +%endif +%endif + +%if %{with errmsg} +%files errmsg +%{_datadir}/%{pkg_name}/errmsg-utf8.txt +%{_datadir}/%{pkg_name}/english +%lang(cs) %{_datadir}/%{pkg_name}/czech +%lang(da) %{_datadir}/%{pkg_name}/danish +%lang(nl) %{_datadir}/%{pkg_name}/dutch +%lang(et) %{_datadir}/%{pkg_name}/estonian +%lang(fr) %{_datadir}/%{pkg_name}/french +%lang(de) %{_datadir}/%{pkg_name}/german +%lang(el) %{_datadir}/%{pkg_name}/greek +%lang(hi) %{_datadir}/%{pkg_name}/hindi +%lang(hu) %{_datadir}/%{pkg_name}/hungarian +%lang(it) %{_datadir}/%{pkg_name}/italian +%lang(ja) %{_datadir}/%{pkg_name}/japanese +%lang(ko) %{_datadir}/%{pkg_name}/korean +%lang(no) %{_datadir}/%{pkg_name}/norwegian +%lang(no) %{_datadir}/%{pkg_name}/norwegian-ny +%lang(pl) %{_datadir}/%{pkg_name}/polish +%lang(pt) %{_datadir}/%{pkg_name}/portuguese +%lang(ro) %{_datadir}/%{pkg_name}/romanian +%lang(ru) %{_datadir}/%{pkg_name}/russian +%lang(sr) %{_datadir}/%{pkg_name}/serbian +%lang(sk) %{_datadir}/%{pkg_name}/slovak +%lang(es) %{_datadir}/%{pkg_name}/spanish +%lang(sv) %{_datadir}/%{pkg_name}/swedish +%lang(uk) %{_datadir}/%{pkg_name}/ukrainian +%endif + +%if %{with galera} +%files server-galera +%doc Docs/README-wsrep +%license LICENSE.clustercheck +%{_bindir}/clustercheck +%{_bindir}/galera_new_cluster +%{_bindir}/galera_recovery +%config(noreplace) %{_sysconfdir}/my.cnf.d/galera.cnf +%attr(0640,root,root) %ghost %config(noreplace) %{_sysconfdir}/sysconfig/clustercheck +%{_datadir}/selinux/packages/%{name}/%{name}-server-galera.pp +%endif + +%files server +%doc README.wsrep_sst_rsync_tunnel + +%{_bindir}/aria_{chk,dump_log,ftdump,pack,read_log} +%{_bindir}/mariadb-service-convert +%{_bindir}/myisamchk +%{_bindir}/myisam_ftdump +%{_bindir}/myisamlog +%{_bindir}/myisampack +%{_bindir}/my_print_defaults + +%{_bindir}/mariadb-conv + +%{_bindir}/mysql_{install_db,secure_installation,tzinfo_to_sql} +%{_bindir}/mariadb-{install-db,secure-installation,tzinfo-to-sql} +%{_bindir}/{mysqld_,mariadbd-}safe +%{_bindir}/{mysqld_safe_helper,mariadbd-safe-helper} + +%{_bindir}/innochecksum +%{_bindir}/replace +%{_bindir}/resolve_stack_dump +%{_bindir}/resolveip +%if %{with galera} +# wsrep_sst_common should be moved to /usr/share/mariadb: https://jira.mariadb.org/browse/MDEV-14296 +%{_bindir}/wsrep_* +%endif + +%config(noreplace) %{_sysconfdir}/my.cnf.d/%{pkg_name}-server.cnf +%config(noreplace) %{_sysconfdir}/my.cnf.d/enable_encryption.preset +%config(noreplace) %{_sysconfdir}/my.cnf.d/spider.cnf + +%{_sbindir}/mysqld +%{_sbindir}/mariadbd +%{_libexecdir}/{mysqld,mariadbd} + +%{_libdir}/%{pkg_name}/INFO_SRC +%{_libdir}/%{pkg_name}/INFO_BIN +%if %{without common} +%dir %{_datadir}/%{pkg_name} +%endif + +%dir %{_libdir}/%{pkg_name} +%dir %{_libdir}/%{pkg_name}/plugin + +%{_libdir}/%{pkg_name}/plugin/* +%{?with_oqgraph:%exclude %{_libdir}/%{pkg_name}/plugin/ha_oqgraph.so} +%{?with_connect:%exclude %{_libdir}/%{pkg_name}/plugin/ha_connect.so} +%{?with_cracklib:%exclude %{_libdir}/%{pkg_name}/plugin/cracklib_password_check.so} +%{?with_rocksdb:%exclude %{_libdir}/%{pkg_name}/plugin/ha_rocksdb.so} +%{?with_gssapi:%exclude %{_libdir}/%{pkg_name}/plugin/auth_gssapi.so} +%{?with_sphinx:%exclude %{_libdir}/%{pkg_name}/plugin/ha_sphinx.so} +%{?with_s3:%exclude %{_libdir}/%{pkg_name}/plugin/ha_s3.so} +%if %{with clibrary} +%exclude %{_libdir}/%{pkg_name}/plugin/dialog.so +%exclude %{_libdir}/%{pkg_name}/plugin/mysql_clear_password.so +%endif + +# PAM plugin; moved to a standalone sub-package +%exclude %{_libdir}/%{pkg_name}/plugin/{auth_pam_v1.so,auth_pam.so} +%exclude %dir %{_libdir}/%{pkg_name}/plugin/auth_pam_tool_dir +%exclude %{_libdir}/%{pkg_name}/plugin/auth_pam_tool_dir/auth_pam_tool + +%{_mandir}/man1/aria_{chk,dump_log,ftdump,pack,read_log}.1* +%{_mandir}/man1/galera_new_cluster.1* +%{_mandir}/man1/galera_recovery.1* +%{_mandir}/man1/mariadb-service-convert.1* +%{_mandir}/man1/myisamchk.1* +%{_mandir}/man1/myisamlog.1* +%{_mandir}/man1/myisampack.1* +%{_mandir}/man1/myisam_ftdump.1* +%{_mandir}/man1/my_print_defaults.1* + +%{_mandir}/man1/mariadb-conv.1* + +%{_mandir}/man1/mysql_{install_db,secure_installation,tzinfo_to_sql}.1* +%{_mandir}/man1/mariadb-{install-db,secure-installation,tzinfo-to-sql}.1* +%{_mandir}/man1/{mysqld_,mariadbd-}safe.1* +%{_mandir}/man1/{mysqld_safe_helper,mariadbd-safe-helper}.1* + +%{_mandir}/man1/innochecksum.1* +%{_mandir}/man1/replace.1* +%{_mandir}/man1/resolveip.1* +%{_mandir}/man1/resolve_stack_dump.1* +%{_mandir}/man8/{mysqld,mariadbd}.8* +%{_mandir}/man1/wsrep_*.1* + +%{_mandir}/man1/mysql.server.1* + +%{_datadir}/%{pkg_name}/fill_help_tables.sql +%{_datadir}/%{pkg_name}/maria_add_gis_sp.sql +%{_datadir}/%{pkg_name}/maria_add_gis_sp_bootstrap.sql +%{_datadir}/%{pkg_name}/mysql_system_tables.sql +%{_datadir}/%{pkg_name}/mysql_system_tables_data.sql +%{_datadir}/%{pkg_name}/mysql_test_data_timezone.sql +%{_datadir}/%{pkg_name}/mysql_performance_tables.sql +%{_datadir}/%{pkg_name}/mysql_test_db.sql +%if %{with mroonga} +%{_datadir}/%{pkg_name}/mroonga/install.sql +%{_datadir}/%{pkg_name}/mroonga/uninstall.sql +%license %{_datadir}/%{pkg_name}/mroonga/COPYING +%license %{_datadir}/%{pkg_name}/mroonga/AUTHORS +%license %{_datadir}/%{name}-server/groonga-normalizer-mysql/lgpl-2.0.txt +%license %{_datadir}/%{name}-server/groonga/COPYING +%doc %{_datadir}/%{name}-server/groonga-normalizer-mysql/README.md +%doc %{_datadir}/%{name}-server/groonga/README.md +%endif +%if %{with galera} +%{_datadir}/%{pkg_name}/wsrep.cnf +%endif +%{_datadir}/%{pkg_name}/wsrep_notify +%dir %{_datadir}/%{pkg_name}/policy +%dir %{_datadir}/%{pkg_name}/policy/selinux +%{_datadir}/%{pkg_name}/policy/selinux/README +%{_datadir}/%{pkg_name}/policy/selinux/mariadb-server.* +%{_datadir}/%{pkg_name}/policy/selinux/mariadb.* + +%{_unitdir}/%{daemon_name}* + +%{_libexecdir}/mariadb-prepare-db-dir +%{_libexecdir}/mariadb-check-socket +%{_libexecdir}/mariadb-check-upgrade +%{_libexecdir}/mariadb-scripts-common + +%attr(0755,mysql,mysql) %dir %{pidfiledir} +%attr(0755,mysql,mysql) %dir %{dbdatadir} +%attr(0750,mysql,mysql) %dir %{logfiledir} +# This does what it should. +# RPMLint error "conffile-without-noreplace-flag /var/log/mariadb/mariadb.log" is false positive. +%attr(0660,mysql,mysql) %config %ghost %verify(not md5 size mtime) %{logfile} +%config(noreplace) %{logrotateddir}/%{daemon_name} + +%{_tmpfilesdir}/%{name}.conf +%{_sysusersdir}/%{name}.conf + +%if %{with cracklib} +%files cracklib-password-check +%config(noreplace) %{_sysconfdir}/my.cnf.d/cracklib_password_check.cnf +%{_libdir}/%{pkg_name}/plugin/cracklib_password_check.so +%endif + +%if %{with backup} +%files backup +%{_bindir}/maria{,db-}backup +%{_bindir}/mbstream +%{_mandir}/man1/maria{,db-}backup.1* +%{_mandir}/man1/mbstream.1* +%endif + +%if %{with rocksdb} +%files rocksdb-engine +%config(noreplace) %{_sysconfdir}/my.cnf.d/rocksdb.cnf +%{_bindir}/myrocks_hotbackup +%{_bindir}/{mysql_,mariadb-}ldb +%{_bindir}/sst_dump +%{_libdir}/%{pkg_name}/plugin/ha_rocksdb.so +%{_mandir}/man1/{mysql_,mariadb-}ldb.1* +%{_mandir}/man1/myrocks_hotbackup.1* +%endif + +%if %{with gssapi} +%files gssapi-server +%{_libdir}/%{pkg_name}/plugin/auth_gssapi.so +%config(noreplace) %{_sysconfdir}/my.cnf.d/auth_gssapi.cnf +%endif + +%if %{with pam} +%files pam +%{_libdir}/%{pkg_name}/plugin/{auth_pam_v1.so,auth_pam.so} +%attr(0755,root,root) %dir %{_libdir}/%{pkg_name}/plugin/auth_pam_tool_dir +# SUID-to-root binary. Access MUST be restricted (https://jira.mariadb.org/browse/MDEV-25126) +%attr(4750,root,mysql) %{_libdir}/%{pkg_name}/plugin/auth_pam_tool_dir/auth_pam_tool +%{_libdir}/security/pam_user_map.so +%config(noreplace) %{_sysconfdir}/security/user_map.conf +%endif + +%if %{with sphinx} +%files sphinx-engine +%{_libdir}/%{pkg_name}/plugin/ha_sphinx.so +%endif + +%if %{with oqgraph} +%files oqgraph-engine +%config(noreplace) %{_sysconfdir}/my.cnf.d/oqgraph.cnf +%{_libdir}/%{pkg_name}/plugin/ha_oqgraph.so +%endif + +%if %{with connect} +%files connect-engine +%config(noreplace) %{_sysconfdir}/my.cnf.d/connect.cnf +%{_libdir}/%{pkg_name}/plugin/ha_connect.so +%endif + +%if %{with s3} +%files s3-engine +%{_bindir}/aria_s3_copy +%{_mandir}/man1/aria_s3_copy.1* +%config(noreplace) %{_sysconfdir}/my.cnf.d/s3.cnf +%{_libdir}/%{pkg_name}/plugin/ha_s3.so +%endif + +%files server-utils +# Perl utilities +%{_bindir}/mysql{_convert_table_format,dumpslow,_fix_extensions,hotcopy,_setpermission} +%{_bindir}/mariadb-{convert-table-format,dumpslow,fix-extensions,hotcopy,setpermission} +%{_bindir}/{mysqld_,mariadbd-}multi + +%{_mandir}/man1/mysql{_convert_table_format,dumpslow,_fix_extensions,hotcopy,_setpermission}.1* +%{_mandir}/man1/mariadb-{convert-table-format,dumpslow,fix-extensions,hotcopy,setpermission}.1* +%{_mandir}/man1/{mysqld_,mariadbd-}multi.1* +# Utilities that can be used remotely +%{_bindir}/{mysql_,mariadb-}upgrade +%{_bindir}/perror +%{_mandir}/man1/{mysql_,mariadb-}upgrade.1* +%{_mandir}/man1/perror.1* + +%if %{with devel} +%files devel +%{_includedir}/* +%{_datadir}/aclocal/mysql.m4 +%{_libdir}/pkgconfig/*mariadb.pc +%if %{with clibrary} +%{_libdir}/{libmysqlclient.so.18,libmariadb.so,libmysqlclient.so,libmysqlclient_r.so} +%{_bindir}/mysql_config* +%{_bindir}/mariadb_config* +%{_bindir}/mariadb-config +%{_libdir}/libmariadb.so +%{_libdir}/libmysqlclient.so +%{_libdir}/libmysqlclient_r.so +%{_mandir}/man1/mysql_config* +%endif +%endif + +%if %{with embedded} +%files embedded +%{_libdir}/libmariadbd.so.* + +%files embedded-devel +%{_libdir}/libmysqld.so +%{_libdir}/libmariadbd.so +%endif + +%if %{with test} +%files test +%if %{with embedded} +%{_bindir}/test-connect-t +%{_bindir}/{mysql_client_test_embedded,mysqltest_embedded} +%{_bindir}/{mariadb-client-test-embedded,mariadb-test-embedded} +%{_mandir}/man1/{mysql_client_test_embedded,mysqltest_embedded}.1* +%{_mandir}/man1/{mariadb-client-test-embedded,mariadb-test-embedded}.1* +%endif +%{_bindir}/{mysql_client_test,mysqltest,mariadb-client-test,mariadb-test} +%{_bindir}/my_safe_process +%attr(-,mysql,mysql) %{_datadir}/mysql-test +%{_mandir}/man1/{mysql_client_test,mysqltest,mariadb-client-test,mariadb-test}.1* +%{_mandir}/man1/my_safe_process.1* +%{_mandir}/man1/mysql-stress-test.pl.1* +%{_mandir}/man1/mysql-test-run.pl.1* +%endif + +%changelog +* Mon Feb 07 2022 Honza Horak - 3:10.5.13-2 +- Fix md5 in FIPS mode with OpenSSL 3.0.0 + Resolves: #2050541 + +* Thu Dec 02 2021 Michal Schorm - 3:10.5.13-1 +- Rebase to 10.5.13 + +* Thu Nov 18 2021 Honza Horak - 3:10.5.12-4 +- Use OpenSSL 3.0.0 patch from upstream + Related: #1991498 + +* Mon Oct 11 2021 Michal Schorm - 3:10.5.12-3 +- Add wsrep_sst_rsync_tunnel script + +* Tue Aug 17 2021 Honza Horak - 3:10.5.12-2 +- Fix OpenSSL 3.x compatibility + Resolves: #1962047 + +* Tue Aug 17 2021 Michal Schorm - 3:10.5.12-1 +- Rebase to 10.5.12 + +* Tue Aug 17 2021 Michal Schorm - 3:10.5.11-1 +- Rebase to 10.5.11 +- Set user_map.conf file to be noreplace config file + +* Mon Aug 09 2021 Mohan Boddu +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Sat Aug 7 2021 Florian Weimer - 3:10.5.10-5 +- Another rebuild against pcre2-10.37 (bug #1970765) + +* Wed Jul 28 2021 Lukas Javorsky - 3:10.5.10-4 +- Rebuild against pcre2-10.37 (bug #1970765) + +* Wed Jun 16 2021 Mohan Boddu +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Wed May 12 2021 Michal Schorm - 3:10.5.10-2 +- Use modified sources instead of the upstream original ones + +* Tue May 11 2021 Michal Schorm - 3:10.5.10-1 +- Rebase to 10.5.10 + +* Tue May 11 2021 Honza Horak - 3:10.5.9-9 +- Fix OpenSSL 3.x compatibility + Resolves: #1962047 + +* Mon May 03 2021 Michal Schorm - 3:10.5.9-8 +- Fix package Conflicts + +* Fri Apr 30 2021 Michal Schorm - 3:10.5.9-7 +- Rebuilt for RHEL 9 BETA + +* Fri Apr 16 2021 Mohan Boddu - 3:10.5.9-6 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Mar 30 2021 Jonathan Wakely - 3:10.5.9-5 +- Rebuilt for removed libstdc++ symbol (#1937698) + +* Thu Mar 18 2021 Michal Schorm - 3:10.5.9-4 +- Move PAM plugin to standalone subpackage + +* Thu Mar 18 2021 Michal Schorm - 3:10.5.9-3 +- Fixed permissions on files from PAMv2 plugin + +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 3:10.5.9-2 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + +* Wed Feb 24 2021 Michal Schorm - 3:10.5.9-1 +- Rebase to 10.5.9 + +* Tue Feb 16 2021 Lukas Javorsky - 3:10.5.8-8 +- Replace the tokudb Obsoletes to the right place +- Resolves: #1928757 + +* Fri Feb 12 2021 Michal Schorm - 3:10.5.8-7 +- Enhance the logrotate script +- Resolves: #1683981 + +* Fri Feb 12 2021 Michal Schorm - 3:10.5.8-6 +- Fix Perl database driver dependency + +* Wed Feb 10 2021 Michal Schorm - 3:10.5.8-5 +- Add support for S3 storage engine + +* Thu Jan 28 2021 Honza Horak - 3:10.5.8-4 +- For compatibility with upstream RPMs, create mysqld symlink in sbin + +* Tue Jan 26 2021 Fedora Release Engineering - 3:10.5.8-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Dec 11 2020 Lukas Javorsky - 3:10.5.8-2 +- Add tokudb-engine to obsoletes +- Resolves: #1906559 + +* Wed Nov 11 2020 Michal Schorm - 3:10.5.8-1 +- Rebase to 10.5.8 + +* Fri Nov 06 2020 Michal Schorm - 3:10.5.7-1 +- Rebase to 10.5.7 + +* Mon Sep 21 2020 Lukas Javorsky - 3:10.5.5-1 +- Rebase to 10.5.5 +- Fix mariadb-ownsetup +- Add manual for aria_s3_copy + +* Wed Sep 16 2020 Lukas Javorsky - 3:10.5.4-1 +- Rebase to 10.5.4 +- Add spider.cnf to the server config files + +* Mon Sep 14 2020 Lukas Javorsky - 3:10.5.3-1 +- Rebase to 10.5.3 + +* Fri Sep 11 2020 Michal Schorm - 3:10.5.2-1 +- Test rebase to 10.5.2 - Beta +- TokuDB SE has been deprecated + +* Thu Sep 10 2020 Michal Schorm - 3:10.5.1-1 +- Test rebase to 10.5.1 - Beta + +* Thu Sep 10 2020 Michal Schorm - 3:10.5.0-1 +- Test rebase to 10.5.0 - Alpha + +* Sun Sep 06 2020 Michal Schorm - 3:10.4.14-3 +- Resolves: #1851605 + +* Thu Sep 03 2020 Michal Schorm - 3:10.4.14-2 +- Resolves: #1873999, #1874446 + +* Thu Aug 20 2020 Michal Schorm - 3:10.4.14-1 +- Rebase to 10.4.14 + +* Tue Aug 18 2020 Michal Schorm - 3:10.4.13-7 +- Do CMake out-of-source builds +- Force the CMake change regarding the in-source builds also to F31 and F32 +- Use CMake macros instead of cmake & make direct commands +- %%cmake macro covers the %%{set_build_flags}, so they are not needed + Other changes to compile flags must be specified *after* the %%cmake macro + +* Wed Aug 05 2020 Jeff Law - 3:10.4.13-6 +- Disable LTO + +* Sat Aug 01 2020 Fedora Release Engineering - 3:10.4.13-5 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 3:10.4.13-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue Jul 14 2020 Michal Schorm - 3:10.4.13-3 +- Make conflicts between corresponding mariadb and mysql packages explicit +- Get rid of the Conflicts macro, it was intended to mark conflicts with + *upstream* packages + +* Fri Jun 05 2020 Michal Schorm - 3:10.4.13-2 +- Extend Perl "Requires" filtering to wsrep + Resolves: #1845376 + +* Fri Jun 05 2020 Michal Schorm - 3:10.4.13-1 +- Rebase to 10.4.13 + +* Sun May 24 2020 Lukas Javorsky - 3:10.4.12-6 +- Remove mariadb_rpl.h from includedir to prevent conflict with connector-c's libraries + +* Thu Apr 02 2020 Björn Esser - 3:10.4.12-5 +- Fix string quoting for rpm >= 4.16 + +* Thu Mar 26 2020 Jitka Plesnikova - 3:10.4.12-4 +- Add perl dependencies needed for tests + +* Mon Mar 16 2020 Michal Schorm - 3:10.4.12-3 +- Rebase mariadb-connector-c git submodule to commit fbf1db6 + For fix: https://jira.mariadb.org/browse/CONC-441 + +* Tue Mar 10 2020 Michal Schorm - 3:10.4.12-2 +- Update the fix for building in the debug mode + +* Thu Feb 06 2020 Michal Schorm - 3:10.4.12-1 +- Rebase to 10.4.12 + +* Wed Jan 29 2020 Fedora Release Engineering - 3:10.4.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jan 17 2020 Michal Schorm - 3:10.4.11-1 +- Rebase to 10.4.11 + Related: #1756468 +- Remove 'bench' subpackage. Upstream no longer maintains it. +- Use Valgrind for debug builds +- Remove ancient obsoletions +- Tweak build flags +- Add patch for auth_pam_tool directory + +* Fri Jan 10 2020 Michal Schorm - 3:10.3.21-1 +- Rebase to 10.3.21 + +* Mon Nov 18 2019 Lukas Javorsky - 3:10.3.20-3 +- Change path of groonga's packaged files +- Fix bz#1763287 + +* Tue Nov 12 2019 Michal Schorm - 3:10.3.20-2 +- Rebuild on top fo new mariadb-connector-c + +* Mon Nov 11 2019 Michal Schorm - 3:10.3.20-1 +- Rebase to 10.3.20 + +* Wed Nov 06 2019 Michal Schorm - 3:10.3.19-1 +- Rebase to 10.3.19 + +* Thu Oct 31 2019 Carl George - 3:10.3.18-1 +- Rebase to 10.3.18 + +* Wed Sep 11 2019 Michal Schorm - 3:10.3.17-3 +- Disable building of the ed25519 client plugin. + From now on it will be shipped by 'mariadb-connector-c' package + +* Fri Sep 06 2019 Michal Schorm - 3:10.3.17-2 +- Fix the debug build + +* Thu Aug 01 2019 Michal Schorm - 3:10.3.17-1 +- Rebase to 10.3.17 + +* Thu Jul 25 2019 Fedora Release Engineering - 3:10.3.16-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Tue Jun 18 2019 Michal Schorm - 3:10.3.16-1 +- Rebase to 10.3.16 +- Added patch for armv7hl builds of spider SE + +* Tue Jun 11 2019 Michal Schorm - 3:10.3.15-1 +- Rebase to 10.3.15 +- CVEs fixed: + CVE-2019-2510 CVE-2019-2537 +- CVEs fixed: + CVE-2019-2614 CVE-2019-2627 CVE-2019-2628 + +* Tue Jun 11 2019 Michal Schorm - 3:10.3.12-15 +- Remove Cassandra subpackage; it is no longer developed + +* Thu Mar 21 2019 Michal Schorm - 3:10.3.12-14 +- Fix building of TokuDB with Jemalloc 5 +- Fix building with / without lz4 + +* Thu Mar 21 2019 Michal Schorm - 3:10.3.12-13 +- Add patch for mysqld_safe --dry-run + +* Wed Mar 20 2019 Michal Schorm - 3:10.3.12-12 +- Add patch for server pkgconfig file location + +* Sat Feb 23 2019 Pavel Raiskup - 3:10.3.12-11 +- conditionally depend on selinux-policy-targeted again (rhbz#1665643) + +* Mon Feb 11 2019 Michal Schorm - 3:10.3.12-10 +- Disable the requirement of mysql-selinux, until its bug is solved for good; #1665643 + +* Fri Feb 01 2019 Fedora Release Engineering - 3:10.3.12-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Jan 30 2019 Honza Horak - 3:10.3.12-8 +- Fix several SSL tests that failed because of different SSL cipher expectation + +* Wed Jan 23 2019 Michal Schorm - 3:10.3.12-7 +- Fix TokuDB Jemalloc ld_preload + Resolves: #1668375 +- Tweak macros usage + +* Sat Jan 19 2019 Michal Schorm - 3:10.3.12-6 +- Enable mysql-selinux requirement +- Tweak the testsuite execution, speed up the testsuite on rebuilds +- Change weak dependency of RocksDB and TokuDB storage engines + from Recommends to Suggests +- Add "Suggests" weak dependencies to more storage engines + +* Wed Jan 16 2019 Michal Schorm - 3:10.3.12-5 +- Tweak handling of the mysql-selinux requirement, leave disabled due to #1665643 + +* Mon Jan 14 2019 Björn Esser - 3:10.3.12-4 +- Rebuilt for libcrypt.so.2 (#1666033) + +* Fri Jan 11 2019 Kevin Fenzi - 3:10.3.12-3 +- Drop mysql-selinux recommends for now due to bug #1665643 + +* Wed Jan 09 2019 Honza Horak - 3:10.3.12-2 +- Use specific python shebang + +* Tue Jan 08 2019 Michal Schorm - 3:10.3.12-1 +- Rebase to 10.3.12 +- Disable building of the caching_sha2_password plugin, it is shipped + by 'mariadb-connector-c' +- Remove libmariadb.pc, is it shipped by 'mariadb-connector-c' + +* Mon Dec 10 2018 Michal Schorm - 3:10.3.11-1 +- Rebase to 10.3.11 +- CVEs fixed: + CVE-2018-3282, CVE-2016-9843, CVE-2018-3174, CVE-2018-3143, CVE-2018-3156 + CVE-2018-3251, CVE-2018-3185, CVE-2018-3277, CVE-2018-3162, CVE-2018-3173 + CVE-2018-3200, CVE-2018-3284 + +* Fri Oct 05 2018 Michal Schorm - 3:10.3.10-1 +- Rebase to 10.3.10 + +* Tue Sep 04 2018 Michal Schorm - 3:10.3.9-2 +- Fix parallel installability of x86_64 and i686 devel packages + +* Mon Aug 20 2018 Michal Schorm - 3:10.3.9-1 +- Rebase to 10.3.9 + +* Fri Aug 10 2018 Petr Lautrbach - 3:10.3.8-5 +- Update mariadb-server-galera sub-package to require the correct package with /usr/sbin/semanage + +* Wed Jul 25 2018 Honza Horak - 3:10.3.8-4 +- Do not build config on systems where mariadb-connector-c-config exists instead + +* Tue Jul 17 2018 Honza Horak - 3:10.3.8-3 +- Move config files mysql-clients.cnf and enable_encryption.preset to correct + sub-packages, similar to what upstream does + +* Fri Jul 13 2018 Fedora Release Engineering - 3:10.3.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jul 03 2018 Michal Schorm - 3:10.3.8-1 +- Rebase to 10.3.8 +- Build TokuDB with jemalloc + +* Wed Jun 27 2018 Michal Schorm - 3:10.3.7-2 +- Rebase to 10.3.7 +- Remove the galera obsoletes + +* Tue Jun 05 2018 Honza Horak - 3:10.2.15-2 +- Use mysqladmin for checking the socket +- Jemalloc dependency moved to the TokuDB subpackage. + CMake jemalloc option removed, not used anymore. + The server doesn't need jemalloc since 10.2: https://jira.mariadb.org/browse/MDEV-11059 +- Build MariaDB with TokuDB without Jemalloc. + +* Wed May 23 2018 Michal Schorm - 3:10.2.15-1 +- Rebase to 10.2.15 +- CVEs fixed: #1568962 + CVE-2018-2755 CVE-2018-2761 CVE-2018-2766 CVE-2018-2771 CVE-2018-2781 + CVE-2018-2782 CVE-2018-2784 CVE-2018-2787 CVE-2018-2813 CVE-2018-2817 + CVE-2018-2819 CVE-2018-2786 CVE-2018-2759 CVE-2018-2777 CVE-2018-2810 + +* Thu Mar 29 2018 Michal Schorm - 3:10.2.14-1 +- Rebase to 10.2.14 +- Update testsuite run for SSL self signed certificates + +* Tue Mar 6 2018 Michal Schorm - 3:10.2.13-2 +- Further fix of ldconfig scriptlets for F27 +- Fix hardcoded paths, move unversioned libraries and symlinks to the devel subpackage + +* Thu Mar 1 2018 Michal Schorm - 3:10.2.13-1 +- Rebase to 10.2.13 + +* Mon Feb 26 2018 Michal Schorm - 3:10.2.12-8 +- SPECfile refresh, RHEL6, SySV init and old fedora stuff removed + +* Sun Feb 25 2018 Michal Schorm - 3:10.2.12-7 +- Rebuilt for ldconfig_post and ldconfig_postun bug + Related: #1548331 + +* Thu Feb 08 2018 Fedora Release Engineering - 3:10.2.12-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Jan 26 2018 Michal Schorm - 3:10.2.12-5 +- Use '-ldl' compiler flag when associated library used + Resolves: #1538990 + +* Thu Jan 25 2018 Michal Schorm - 3:10.2.12-4 +- Fix the upgrade path. Build TokuDB subpackage again, but build a unsupported + configuration by upstream (without Jemalloc). + Jemmalloc has been updated to version 5, which isn't backwards compatible. +- Use downstream tmpfiles instead of the upstream one + Related: #1538066 + +* Sat Jan 20 2018 Björn Esser - 3:10.2.12-3 +- Rebuilt for switch to libxcrypt + +* Thu Jan 11 2018 Honza Horak - 3:10.2.12-1 +- Do not build connect plugin with mongo and jdbc connectors +- Support MYSQLD_OPTS and _WSREP_NEW_CLUSTER env vars in init script, + same as it is done in case of systemd unit file + Related: #1455850 +- Print the same messages as before when starting the service in SysV init, + to not scare users + Related: #1463411 + +* Wed Jan 10 2018 Michal Schorm - 3:10.2.12-1 +- Rebase to 10.2.12 +- Temporary fix for https://jira.mariadb.org/browse/MDEV-14537 removed +- TokuDB disabled + +* Mon Dec 11 2017 Michal Schorm - 3:10.2.11-2 +- Temporary fix for #1523875 removed, bug in Annobin fixed + Resolves: #1523875 + +* Sat Dec 09 2017 Michal Schorm - 3:10.2.11-1 +- Rebase to 10.2.11 +- Temporary fix for https://jira.mariadb.org/browse/MDEV-14537 introduced +- Temporary fix for #1523875 intoruced + Related: #1523875 + +* Wed Dec 06 2017 Michal Schorm - 3:10.2.10-2 +- Fix PID file location + Related: #1483331, #1515779 +- Remove 'Group' tags as they should not be used any more + Related: https://fedoraproject.org/wiki/RPMGroups + +* Mon Nov 20 2017 Michal Schorm - 3:10.2.10-1 +- Rebase to 10.2.10 version +- Patch 2: mariadb-install-test.patch has been incorporated by upstream +- Patch 8: mariadb-install-db-sharedir.patch; upstream started to use macros +- Update PCRE check +- Start using location libdir/mariadb for plugins +- Move libraries to libdir +- Divided to more sub-packages to match upstream's RPM list + Resolves: #1490401; #1400463 +- Update of Cmake arguments to supported format + Related: https://lists.launchpad.net/maria-discuss/msg04852.html +- Remove false Provides + +* Thu Oct 05 2017 Michal Schorm - 3:10.2.9-3 +- Fix client library obsolete + Related: #1498956 +- Enable testsuite again +- RPMLint error fix: + Remove unused python scripts which remained from TokuDB upstream +- RPMLint error fix: description line too long + +* Wed Oct 04 2017 Michal Schorm - 3:10.2.9-2 +- Fix of "with" and "without" macros, so they works +- Use 'iproute' dependency instead of 'net-tools' + Related: #1496131 +- Set server package to own /usr/lib64/mysql directory +- Use correct obsolete, so upgrade from maridb 10.1 to 10.2 is possible + with dnf "--allowerasing" option + Related: #1497234 +- Fix building with client library + +* Thu Sep 28 2017 Michal Schorm - 3:10.2.9-1 +- Rebase to 10.2.9 +- Testsuite temorarly disabled in order to fast deploy critical fix + Related: #1497234 + +* Wed Sep 20 2017 Michal Schorm - 3:10.2.8-5 +- Fix building without client library part +- Start building mariadb without client library part, + use mariadb-connector-c package >= 3.0 instead +- Use obosletes of "-libs" in "-common", if built without client library part + +* Mon Aug 28 2017 Honza Horak - 3:10.2.8-2 +- Fix paths in galera_recovery and galera_new_cluster + Resolves: #1403416 +- Support --defaults-group-suffix properly in systemd unit file + Resolves: #1485777 +- Allow 4567 port for tcp as well +- Install mysql-wait-ready on RHEL-6 for the SysV init +- Run mysql-prepare-db-dir as non-root +- Sync mysql.init with community-mysql + +* Sun Aug 20 2017 Honza Horak - 3:10.2.8-1 +- Rebase to 10.2.8 + +* Thu Aug 03 2017 Fedora Release Engineering - 3:10.2.7-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 3:10.2.7-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 25 2017 Adam Williamson - 3:10.2.7-6 +- Revert previous change, go back to libmariadb headers (RHBZ #1474764) + +* Fri Jul 21 2017 Adam Williamson - 3:10.2.7-5 +- Install correct headers (server, not client) - MDEV-13370 + +* Wed Jul 19 2017 Jonathan Wakely - 3:10.2.7-4 +- Rebuilt for s390x binutils bug + +* Tue Jul 18 2017 Jonathan Wakely - 3:10.2.7-3 +- Rebuilt for Boost 1.64 + +* Thu Jul 13 2017 Michal Schorm - 3:10.2.7-2 +- Remove mysql-wait-* scripts. They aren't needed when using systemd "Type=notify" + +* Thu Jul 13 2017 Michal Schorm - 3:10.2.7-1 +- Rebase to 10.2.7 +- Get back mysql_config, its "--libmysqld-libs" is still needed + +* Wed Jul 12 2017 Adam Williamson - 3:10.2.6-4 +- Add manual Provides: for the libmysqlcient compat symlink + +* Wed Jul 12 2017 Adam Williamson - 3:10.2.6-3 +- Move libmysqlclient.so.18 compat link to -libs subpackage + +* Tue Jul 11 2017 Michal Schorm - 3:10.2.6-2 +- Disable Dtrace +- Disable Sphinx, circural dependency + +* Tue Jul 11 2017 Michal Schorm - 3:10.2.6-1 +- Rebase to 10.2.6 +- SSL patch removed +- 'libmariadb.so.3' replaced 'limysqlclient.so.18.0.0', symlinks provided +- "make test" removed, it needs running server and same test are included in the testsuite + +* Mon Jul 10 2017 Michal Schorm - 3:10.1.25-1 +- Rebase to 10.1.25 +- Disable plugins 'cracklib' and 'gssapi' by default +- Related: #1468028, #1464070 +- Looks like the testsuite removes its 'var' content correctly, + no need to do that explicitly. + +* Fri Jul 07 2017 Igor Gnatenko - 3:10.1.24-5 +- Rebuild due to bug in RPM (RHBZ #1468476) + +* Mon Jun 19 2017 Michal Schorm - 3:10.1.24-4 +- Use "/run" location instead of "/var/run" symlink +- Related: #1455811 +- Remove AppArmor files + +* Fri Jun 09 2017 Honza Horak - 3:10.1.24-3 +- Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265 +- Resolves: #1458940 +- Check properly that datadir includes only expected files +- Related: #1356897 + +* Wed Jun 07 2017 Michal Schorm - 3:10.1.24-2 +- Fixed incorrect Jemalloc initialization; #1459671 + +* Fri Jun 02 2017 Michal Schorm - 3:10.1.24-1 +- Rebase to 10.1.24 +- Build dependecies Bison and Libarchive added, others corrected +- Disabling Mroonga engine for i686 architecture, as it is not supported by MariaDB +- Removed patches: (fixed by upstream) + Patch5: mariadb-file-contents.patch + Patch14: mariadb-example-config-files.patch + Patch31: mariadb-string-overflow.patch + Patch32: mariadb-basedir.patch + Patch41: mariadb-galera-new-cluster-help.patch +- Resolves: rhbz#1414387 + CVE-2017-3313 +- Resolves partly: rhbz#1443408 + CVE-2017-3308 CVE-2017-3309 CVE-2017-3453 CVE-2017-3456 CVE-2017-3464 + +* Tue May 23 2017 Michal Schorm - 3:10.1.21-6 +- Plugin oqgraph enabled +- Plugin jemalloc enabled +- 'force' option for 'rm' removed +- Enabled '--big-test' option for the testsuite +- Disabled '--skip-rpl' option for the testsuite = replication tests enabled +- Multilib manpage added + +* Mon May 15 2017 Fedora Release Engineering - 3:10.1.21-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild + +* Tue Mar 07 2017 Michal Schorm - 3:10.1.21-4 +- Cracklib plugin enabled +- Removed strmov patch, it is no longer needed. The issue was fixed long ago in both MariaDB and MySQL + +* Wed Feb 15 2017 Michal Schorm - 3:10.1.21-3 +- Fix for some RPMLint issues +- Fix: Only server utilities can be move to server-utils subpackage. The rest (from client) + were moved back to where they came from (client - the main subpackage) +- Added correct "Obsoletes" for the server-utils subpackage +- Fixed FTBFS in F26 on x86_64, because of -Werror option +- Related: #1421092, #1395127 + +* Fri Feb 10 2017 Fedora Release Engineering - 3:10.1.21-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Jan 24 2017 Michal Schorm - 3:10.1.21-1 +- Rebase to version 10.1.21 +- Most of the non-essential utilites has been moved to the new sub-package mariadb-server-utils +- Patches "admincrash" and "errno" removed, they are no longer relevant + "mysql-embedded-check.c" removed, no longer relevant +- Buildrequires krb5-devel duplicity removed +- Manpage for mysql_secure_installation extended +- Preparation for the CrackLib plugin to be added (waiting for correct SELinux rules to be relased) +- Related: #1260821, #1205082, #1414387 + +* Tue Jan 03 2017 Honza Horak - 3:10.1.20-3 +- Add explicit EVR requirement in main package for -libs +- Related: #1406320 + +* Tue Dec 20 2016 Honza Horak - 3:10.1.20-2 +- Use correct macro when removing doc files +- Resolves: #1400981 + +* Sat Dec 17 2016 Michal Schorm - 3:10.1.20-1 +- Rebase to version 10.1.20 +- Related: #1405258 + +* Fri Dec 02 2016 Michal Schorm - 3:10.1.19-6 +- Move patch from specfile to standalone patch file +- Related: #1382988 + +* Thu Dec 01 2016 Rex Dieter - 3:10.1.19-6 +- -devel: use pkgconfig(openssl) to allow any implementation (like compat-openssl10) + +* Wed Nov 30 2016 Michal Schorm - 3:10.1.19-5 +- Testsuite blacklists heavily updated. Current tracker: #1399847 +- Log-error option added to all config files examples +- Resolves: #1382988 + +* Wed Nov 16 2016 Michal Schorm - 3:10.1.19-4 +- JdbcMariaDB.jar test removed +- PCRE version check added +- Related: #1382988, #1396945, #1096787 + +* Wed Nov 16 2016 Michal Schorm - 3:10.1.19-4 +- test suite ENABLED, consensus was made it still should be run every build + +* Wed Nov 16 2016 Michal Schorm - 3:10.1.19-2 +- fixed bug 1382988 +- added comment to the test suite +- test suite DISABLED for most builds in Koji, see comments + +* Wed Nov 16 2016 Michal Schorm - 3:10.1.19-1 +- Update to 10.1.19 +- added temporary support to build with OpenSSL 1.0 on Fedora >= 26 +- added krb5-devel pkg as Buldrquires to prevent gssapi failure + +* Tue Oct 4 2016 Jakub Dorňák - 3:10.1.18-1 +- Update to 10.1.18 + +* Wed Aug 31 2016 Jakub Dorňák - 3:10.1.17-1 +- Update to 10.1.17 + +* Mon Aug 29 2016 Jakub Dorňák - 3:10.1.16-2 +- Fixed galera replication +- Resolves: #1352946 + +* Tue Jul 19 2016 Jakub Dorňák - 3:10.1.16-1 +- Update to 10.1.16 + +* Fri Jul 15 2016 Honza Horak - 3:10.1.14-5 +- Fail build when test-suite fails +- Use license macro for inclusion of licenses + +* Thu Jul 14 2016 Honza Horak - 3:10.1.14-4 +- Revert Update to 10.1.15, this release is broken + https://lists.launchpad.net/maria-discuss/msg03691.html + +* Thu Jul 14 2016 Honza Horak - 2:10.1.15-3 +- Check datadir more carefully to avoid unwanted data corruption +- Related: #1335849 + +* Thu Jul 7 2016 Jakub Dorňák - 2:10.1.15-2 +- Bump epoch + (related to the downgrade from the pre-release version) + +* Fri Jul 1 2016 Jakub Dorňák - 1:10.1.15-1 +- Update to 10.1.15 + +* Fri Jul 1 2016 Jakub Dorňák - 1:10.1.14-3 +- Revert "Update to 10.2.0" + It is possible that MariaDB 10.2.0 won't be stable till f25 GA. + +* Tue Jun 21 2016 Pavel Raiskup - 1:10.1.14-3 +- BR multilib-rpm-config and use it for multilib workarounds +- install architecture dependant pc file to arch-dependant location + +* Thu May 26 2016 Jakub Dorňák - 1:10.2.0-2 +- Fix mysql-prepare-db-dir +- Resolves: #1335849 + +* Thu May 12 2016 Jakub Dorňák - 1:10.2.0-1 +- Update to 10.2.0 + +* Thu May 12 2016 Jakub Dorňák - 1:10.1.14-1 +- Add selinux policy +- Update to 10.1.14 (includes various bug fixes) +- Add -h and --help options to galera_new_cluster + +* Thu Apr 7 2016 Jakub Dorňák - 1:10.1.13-3 +- wsrep_on in galera.cnf + +* Tue Apr 5 2016 Jakub Dorňák - 1:10.1.13-2 +- Moved /etc/sysconfig/clustercheck + and /usr/share/mariadb/systemd/use_galera_new_cluster.conf + to mariadb-server-galera + +* Tue Mar 29 2016 Jakub Dorňák - 1:10.1.13-1 +- Update to 10.1.13 + +* Wed Mar 23 2016 Jakub Dorňák - 1:10.1.12-4 +- Fixed conflict with mariadb-galera-server + +* Tue Mar 22 2016 Jakub Dorňák - 1:10.1.12-3 +- Add subpackage mariadb-server-galera +- Resolves: 1310622 + +* Tue Mar 01 2016 Honza Horak - 1:10.1.12-2 +- Rebuild for BZ#1309199 (symbol versioning) + +* Mon Feb 29 2016 Jakub Dorňák - 1:10.1.12-1 +- Update to 10.1.12 + +* Tue Feb 16 2016 Honza Horak - 1:10.1.11-9 +- Remove dangling symlink to /etc/init.d/mysql + +* Sat Feb 13 2016 Honza Horak - 1:10.1.11-8 +- Use epoch for obsoleting mariadb-galera-server + +* Fri Feb 12 2016 Honza Horak - 1:10.1.11-7 +- Add Provides: bundled(pcre) in case we build with bundled pcre +- Related: #1302296 +- embedded-devel should require libaio-devel +- Resolves: #1290517 + +* Fri Feb 12 2016 Honza Horak - 1:10.1.11-6 +- Fix typo s/obsolate/obsolete/ + +* Thu Feb 11 2016 Honza Horak - 1:10.1.11-5 +- Add missing requirements for proper wsrep functionality +- Obsolate mariadb-galera & mariadb-galera-server (thanks Tomas Repik) +- Resolves: #1279753 +- Re-enable using libedit, which should be now fixed +- Related: #1201988 +- Remove mariadb-wait-ready call from systemd unit, we have now systemd notify support +- Make mariadb@.service similar to mariadb.service + +* Mon Feb 08 2016 Honza Horak - 1:10.1.11-4 +- Use systemd unit file more compatible with upstream + +* Sun Feb 07 2016 Honza Horak - 1:10.1.11-3 +- Temporarily disabling oqgraph for + https://mariadb.atlassian.net/browse/MDEV-9479 + +* Thu Feb 04 2016 Fedora Release Engineering - 1:10.1.11-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Feb 3 2016 Jakub Dorňák - 1:10.1.11-1 +- Update to 10.1.11 + +* Tue Jan 19 2016 Jakub Dorňák - 1:10.1.10-1 +- Update to 10.1.10 + +* Mon Dec 07 2015 Dan Horák - 1:10.1.8-3 +- rebuilt for s390(x) + +* Tue Nov 03 2015 Honza Horak - 1:10.1.8-2 +- Expand variables in server.cnf + +* Thu Oct 22 2015 Jakub Dorňák - 1:10.1.8-1 +- Update to 10.1.8 + +* Thu Aug 27 2015 Jonathan Wakely - 1:10.0.21-2 +- Rebuilt for Boost 1.59 + +* Mon Aug 10 2015 Jakub Dorňák - 1:10.0.21-1 +- Update to 10.0.21 + +* Wed Jul 29 2015 Fedora Release Engineering - 1:10.0.20-3 +- Rebuilt for https://fedoraproject.org/wiki/Changes/F23Boost159 + +* Wed Jul 22 2015 David Tardon - 1:10.0.20-2 +- rebuild for Boost 1.58 + +* Tue Jun 23 2015 Honza Horak - 1:10.0.20-1 +- Update to 10.0.20 + +* Wed Jun 17 2015 Fedora Release Engineering - 1:10.0.19-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Jun 03 2015 Dan Horák - 1:10.0.19-2 +- Update lists of failing tests (jdornak) +- Related: #1149647 + +* Mon May 11 2015 Honza Horak - 1:10.0.19-1 +- Update to 10.0.19 + +* Thu May 07 2015 Honza Horak - 1:10.0.18-1 +- Update to 10.0.18 + +* Thu May 07 2015 Honza Horak - 1:10.0.17-4 +- Include client plugins into -common package since they are used by both -libs + and base packages. +- Do not use libedit +- Related: #1201988 +- Let plugin dir to be owned by -common +- Use correct comment in the init script +- Related: #1184604 +- Add openssl as BuildRequires to run some openssl tests during build +- Related: #1189180 +- Fail in case any command in check fails +- Related: #1124791 +- Fix mysqladmin crash if run with -u root -p +- Resolves: #1207170 + +* Sat May 02 2015 Kalev Lember - 1:10.0.17-3 +- Rebuilt for GCC 5 C++11 ABI change + +* Fri Mar 06 2015 Honza Horak - 1:10.0.17-2 +- Wait for daemon ends +- Resolves: #1072958 +- Do not include symlink to libmysqlclient if not shipping the library +- Do not use scl prefix more than once in paths + Based on https://www.redhat.com/archives/sclorg/2015-February/msg00038.html + +* Wed Mar 04 2015 Honza Horak - 1:10.0.17-1 +- Rebase to version 10.0.17 +- Added variable for turn off skipping some tests + +* Tue Mar 03 2015 Honza Horak - 1:10.0.16-6 +- Check permissions when starting service on RHEL-6 +- Resolves: #1194699 +- Do not create test database by default +- Related: #1194611 + +* Fri Feb 13 2015 Matej Muzila - 1:10.0.16-4 +- Enable tokudb + +* Tue Feb 10 2015 Honza Horak - 1:10.0.16-3 +- Fix openssl_1 test + +* Wed Feb 4 2015 Jakub Dorňák - 1:10.0.16-2 +- Include new certificate for tests +- Update lists of failing tests +- Related: #1186110 + +* Tue Feb 3 2015 Jakub Dorňák - 1:10.0.16-9 +- Rebase to version 10.0.16 +- Resolves: #1187895 + +* Tue Jan 27 2015 Petr Machata - 1:10.0.15-9 +- Rebuild for boost 1.57.0 + +* Mon Jan 26 2015 Honza Horak - 1:10.0.15-8 +- Fix typo in the config file + +* Sun Jan 25 2015 Honza Horak - 1:10.0.15-7 +- Do not create log file in post script + +* Sat Jan 24 2015 Honza Horak - 1:10.0.15-6 +- Move server settings to config file under my.cnf.d dir + +* Sat Jan 24 2015 Honza Horak - 1:10.0.15-5 +- Fix path for sysconfig file + Filter provides in el6 properly + Fix initscript file location + +* Tue Jan 06 2015 Honza Horak - 1:10.0.15-4 +- Disable failing tests connect.mrr, connect.updelx2 on ppc and s390 + +* Mon Dec 22 2014 Honza Horak - 1:10.0.15-3 +- Fix macros paths in my.cnf +- Create old location for pid file if it remained in my.cnf + +* Fri Dec 05 2014 Honza Horak - 1:10.0.15-2 +- Rework usage of macros and remove some compatibility artefacts + +* Thu Nov 27 2014 Jakub Dorňák - 1:10.0.15-1 +- Update to 10.0.15 + +* Thu Nov 20 2014 Jan Stanek - 1:10.0.14-8 +- Applied upstream fix for mysql_config --cflags output. +- Resolves: #1160845 + +* Fri Oct 24 2014 Jan Stanek - 1:10.0.14-7 +- Fixed compat service file. +- Resolves: #1155700 + +* Mon Oct 13 2014 Honza Horak - 1:10.0.14-6 +- Remove bundled cmd-line-utils +- Related: #1079637 +- Move mysqlimport man page to proper package +- Disable main.key_cache test on s390 + Releated: #1149647 + +* Wed Oct 08 2014 Honza Horak - 1:10.0.14-5 +- Disable tests connect.part_file, connect.part_table + and connect.updelx +- Related: #1149647 + +* Wed Oct 01 2014 Honza Horak - 1:10.0.14-4 +- Add bcond_without mysql_names + Use more correct path when deleting mysql logrotate script + +* Wed Oct 01 2014 Honza Horak - 1:10.0.14-3 +- Build with system libedit +- Resolves: #1079637 + +* Mon Sep 29 2014 Honza Horak - 1:10.0.14-2 +- Add with_debug option + +* Mon Sep 29 2014 Honza Horak - 1:10.0.14-1 +- Update to 10.0.14 + +* Wed Sep 24 2014 Honza Horak - 1:10.0.13-8 +- Move connect engine to a separate package + Rename oqgraph engine to align with upstream packages +- Move some files to correspond with MariaDB upstream packages + client.cnf into -libs, mysql_plugin and msql2mysql into base, + tokuftdump and aria_* into -server, errmsg-utf8.txt into -errmsg +- Remove duplicate cnf files packaged using %%doc +- Check upgrade script added to warn about need for mysql_upgrade + +* Wed Sep 24 2014 Matej Muzila - 1:10.0.13-7 +- Client related libraries moved from mariadb-server to mariadb-libs +- Related: #1138843 + +* Mon Sep 08 2014 Honza Horak - 1:10.0.13-6 +- Disable vcol_supported_sql_funcs_myisam test on all arches +- Related: #1096787 +- Install systemd service file on RHEL-7+ + Server requires any mysql package, so it should be fine with older client + +* Thu Sep 04 2014 Honza Horak - 1:10.0.13-5 +- Fix paths in mysql_install_db script +- Resolves: #1134328 +- Use %%cmake macro + +* Tue Aug 19 2014 Honza Horak - 1:10.0.13-4 +- Build config subpackage everytime +- Disable failing tests: innodb_simulate_comp_failures_small, key_cache + rhbz#1096787 + +* Sun Aug 17 2014 Fedora Release Engineering - 1:10.0.13-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Aug 14 2014 Honza Horak - 1:10.0.13-2 +- Include mysqld_unit only if required; enable tokudb in f20- + +* Wed Aug 13 2014 Honza Horak - 1:10.0.13-1 +- Rebase to version 10.0.13 + +* Tue Aug 12 2014 Honza Horak - 1:10.0.12-8 +- Introduce -config subpackage and ship base config files here + +* Tue Aug 5 2014 Honza Horak - 1:10.0.12-7 +- Adopt changes from mysql, thanks Bjorn Munch + +* Mon Jul 28 2014 Honza Horak - 1:10.0.12-6 +- Use explicit sysconfdir +- Absolut path for default value for pid file and error log + +* Tue Jul 22 2014 Honza Horak - 1:10.0.12-5 +- Hardcoded paths removed to work fine in chroot +- Spec rewrite to be more similar to oterh MySQL implementations +- Use variable for daemon unit name +- Include SysV init script if built on older system +- Add possibility to not ship some sub-packages + +* Mon Jul 21 2014 Honza Horak - 1:10.0.12-4 +- Reformating spec and removing unnecessary snippets + +* Tue Jul 15 2014 Honza Horak - 1:10.0.12-3 +- Enable OQGRAPH engine and package it as a sub-package +- Add support for TokuDB engine for x86_64 (currently still disabled) +- Re-enable tokudb_innodb_xa_crash again, seems to be fixed now +- Drop superfluous -libs and -embedded ldconfig deps (thanks Ville Skyttä) +- Separate -lib and -common sub-packages +- Require /etc/my.cnf instead of shipping it +- Include README.mysql-cnf +- Multilib support re-worked +- Introduce new option with_mysqld_unit +- Removed obsolete mysql-cluster, the package should already be removed +- Improve error message when log file is not writable +- Compile all binaries with full RELRO (RHBZ#1092548) +- Use modern symbol filtering with compatible backup +- Add more groupnames for server's my.cnf +- Error messages now provided by a separate package (thanks Alexander Barkov) +- Expand paths in helper scripts using cmake + +* Wed Jun 18 2014 Mikko Tiihonen - 1:10.0.12-2 +- Use -fno-delete-null-pointer-checks to avoid segfaults with gcc 4.9 + +* Tue Jun 17 2014 Jakub Dorňák - 1:10.0.12-1 +- Rebase to version 10.0.12 + +* Sat Jun 07 2014 Fedora Release Engineering - 1:10.0.11-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue Jun 3 2014 Jakub Dorňák - 1:10.0.11-4 +- rebuild with tests failing on different arches disabled (#1096787) + +* Thu May 29 2014 Dan Horák - 1:10.0.11-2 +- rebuild with tests failing on big endian arches disabled (#1096787) + +* Wed May 14 2014 Jakub Dorňák - 1:10.0.11-1 +- Rebase to version 10.0.11 + +* Mon May 05 2014 Honza Horak - 1:10.0.10-3 +- Script for socket check enhanced + +* Thu Apr 10 2014 Jakub Dorňák - 1:10.0.10-2 +- use system pcre library + +* Thu Apr 10 2014 Jakub Dorňák - 1:10.0.10-1 +- Rebase to version 10.0.10 + +* Wed Mar 12 2014 Honza Horak - 1:5.5.36-2 +- Server crashes on SQL select containing more group by and left join statements using innodb tables +- Resolves: #1065676 +- Fix paths in helper scripts +- Move language files into mariadb directory + +* Thu Mar 06 2014 Honza Horak - 1:5.5.36-1 +- Rebase to 5.5.36 + https://kb.askmonty.org/en/mariadb-5536-changelog/ + +* Tue Feb 25 2014 Honza Horak 1:5.5.35-5 +- Daemon helper scripts sanity changes and spec files clean-up + +* Tue Feb 11 2014 Honza Horak 1:5.5.35-4 +- Fix typo in mysqld.service +- Resolves: #1063981 + +* Wed Feb 5 2014 Honza Horak 1:5.5.35-3 +- Do not touch the log file in post script, so it does not get wrong owner +- Resolves: #1061045 + +* Thu Jan 30 2014 Honza Horak 1:5.5.35-1 +- Rebase to 5.5.35 + https://kb.askmonty.org/en/mariadb-5535-changelog/ + Also fixes: CVE-2014-0001, CVE-2014-0412, CVE-2014-0437, CVE-2013-5908, + CVE-2014-0420, CVE-2014-0393, CVE-2013-5891, CVE-2014-0386, CVE-2014-0401, + CVE-2014-0402 +- Resolves: #1054043 +- Resolves: #1059546 + +* Tue Jan 14 2014 Honza Horak - 1:5.5.34-9 +- Adopt compatible system versioning +- Related: #1045013 +- Use compatibility mysqld.service instead of link +- Related: #1014311 + +* Mon Jan 13 2014 Rex Dieter 1:5.5.34-8 +- move mysql_config alternatives scriptlets to -devel too + +* Fri Jan 10 2014 Honza Horak 1:5.5.34-7 +- Build with -O3 on ppc64 +- Related: #1051069 +- Move mysql_config to -devel sub-package and remove Require: mariadb +- Related: #1050920 + +* Fri Jan 10 2014 Marcin Juszkiewicz 1:5.5.34-6 +- Disable main.gis-precise test also for AArch64 +- Disable perfschema.func_file_io and perfschema.func_mutex for AArch64 + (like it is done for 32-bit ARM) + +* Fri Jan 10 2014 Honza Horak 1:5.5.34-5 +- Clean all non-needed doc files properly + +* Wed Jan 8 2014 Honza Horak 1:5.5.34-4 +- Read socketfile location in mariadb-prepare-db-dir script + +* Mon Jan 6 2014 Honza Horak 1:5.5.34-3 +- Don't test EDH-RSA-DES-CBC-SHA cipher, it seems to be removed from openssl + which now makes mariadb/mysql FTBFS because openssl_1 test fails +- Related: #1044565 +- Use upstream's layout for symbols version in client library +- Related: #1045013 +- Check if socket file is not being used by another process at a time + of starting the service +- Related: #1045435 +- Use %%ghost directive for the log file +- Related: 1043501 + +* Wed Nov 27 2013 Honza Horak 1:5.5.34-2 +- Fix mariadb-wait-ready script + +* Fri Nov 22 2013 Honza Horak 1:5.5.34-1 +- Rebase to 5.5.34 + +* Mon Nov 4 2013 Honza Horak 1:5.5.33a-4 +- Fix spec file to be ready for backport by Oden Eriksson +- Resolves: #1026404 + +* Mon Nov 4 2013 Honza Horak 1:5.5.33a-3 +- Add pam-devel to build-requires in order to build +- Related: #1019945 +- Check if correct process is running in mysql-wait-ready script +- Related: #1026313 + +* Mon Oct 14 2013 Honza Horak 1:5.5.33a-2 +- Turn on test suite + +* Thu Oct 10 2013 Honza Horak 1:5.5.33a-1 +- Rebase to 5.5.33a + https://kb.askmonty.org/en/mariadb-5533-changelog/ + https://kb.askmonty.org/en/mariadb-5533a-changelog/ +- Enable outfile_loaddata test +- Disable tokudb_innodb_xa_crash test + +* Mon Sep 2 2013 Honza Horak - 1:5.5.32-12 +- Re-organize my.cnf to include only generic settings +- Resolves: #1003115 +- Move pid file location to /var/run/mariadb +- Make mysqld a symlink to mariadb unit file rather than the opposite way +- Related: #999589 + +* Thu Aug 29 2013 Honza Horak - 1:5.5.32-11 +- Move log file into /var/log/mariadb/mariadb.log +- Rename logrotate script to mariadb +- Resolves: #999589 + +* Wed Aug 14 2013 Rex Dieter 1:5.5.32-10 +- fix alternatives usage + +* Tue Aug 13 2013 Honza Horak - 1:5.5.32-9 +- Multilib issues solved by alternatives +- Resolves: #986959 + +* Sat Aug 03 2013 Petr Pisar - 1:5.5.32-8 +- Perl 5.18 rebuild + +* Wed Jul 31 2013 Honza Horak - 1:5.5.32-7 +- Do not use login shell for mysql user + +* Tue Jul 30 2013 Honza Horak - 1:5.5.32-6 +- Remove unneeded systemd-sysv requires +- Provide mysql-compat-server symbol +- Create mariadb.service symlink +- Fix multilib header location for arm +- Enhance documentation in the unit file +- Use scriptstub instead of links to avoid multilib conflicts +- Add condition for doc placement in F20+ + +* Sun Jul 28 2013 Dennis Gilmore - 1:5.5.32-5 +- remove "Requires(pretrans): systemd" since its not possible +- when installing mariadb and systemd at the same time. as in a new install + +* Sat Jul 27 2013 Kevin Fenzi 1:5.5.32-4 +- Set rpm doc macro to install docs in unversioned dir + +* Fri Jul 26 2013 Dennis Gilmore 1:5.5.32-3 +- add Requires(pre) on systemd for the server package + +* Tue Jul 23 2013 Dennis Gilmore 1:5.5.32-2 +- replace systemd-units requires with systemd +- remove solaris files + +* Fri Jul 19 2013 Honza Horak 1:5.5.32-1 +- Rebase to 5.5.32 + https://kb.askmonty.org/en/mariadb-5532-changelog/ +- Clean-up un-necessary systemd snippets + +* Wed Jul 17 2013 Petr Pisar - 1:5.5.31-7 +- Perl 5.18 rebuild + +* Mon Jul 1 2013 Honza Horak 1:5.5.31-6 +- Test suite params enhanced to decrease server condition influence +- Fix misleading error message when uninstalling built-in plugins +- Related: #966873 + +* Thu Jun 27 2013 Honza Horak 1:5.5.31-5 +- Apply fixes found by Coverity static analysis tool + +* Wed Jun 19 2013 Honza Horak 1:5.5.31-4 +- Do not use pretrans scriptlet, which doesn't work in anaconda +- Resolves: #975348 + +* Fri Jun 14 2013 Honza Horak 1:5.5.31-3 +- Explicitly enable mysqld if it was enabled in the beginning + of the transaction. + +* Thu Jun 13 2013 Honza Horak 1:5.5.31-2 +- Apply man page fix from Jan Stanek + +* Fri May 24 2013 Honza Horak 1:5.5.31-1 +- Rebase to 5.5.31 + https://kb.askmonty.org/en/mariadb-5531-changelog/ +- Preserve time-stamps in case of installed files +- Use /var/tmp instead of /tmp, since the later is using tmpfs, + which can cause problems +- Resolves: #962087 +- Fix test suite requirements + +* Sun May 5 2013 Honza Horak 1:5.5.30-2 +- Remove mytop utility, which is packaged separately +- Resolve multilib conflicts in mysql/private/config.h + +* Fri Mar 22 2013 Honza Horak 1:5.5.30-1 +- Rebase to 5.5.30 + https://kb.askmonty.org/en/mariadb-5530-changelog/ + +* Fri Mar 22 2013 Honza Horak 1:5.5.29-11 +- Obsolete MySQL since it is now renamed to community-mysql +- Remove real- virtual names + +* Thu Mar 21 2013 Honza Horak 1:5.5.29-10 +- Adding epoch to have higher priority than other mysql implementations + when comes to provider comparison + +* Wed Mar 13 2013 Honza Horak 5.5.29-9 +- Let mariadb-embedded-devel conflict with MySQL-embedded-devel +- Adjust mariadb-sortbuffer.patch to correspond with upstream patch + +* Mon Mar 4 2013 Honza Horak 5.5.29-8 +- Mask expected warnings about setrlimit in test suite + +* Thu Feb 28 2013 Honza Horak 5.5.29-7 +- Use configured prefix value instead of guessing basedir + in mysql_config +- Resolves: #916189 +- Export dynamic columns and non-blocking API functions documented + by upstream + +* Wed Feb 27 2013 Honza Horak 5.5.29-6 +- Fix sort_buffer_length option type + +* Wed Feb 13 2013 Honza Horak 5.5.29-5 +- Suppress warnings in tests and skip tests also on ppc64p7 + +* Tue Feb 12 2013 Honza Horak 5.5.29-4 +- Suppress warning in tests on ppc +- Enable fixed index_merge_myisam test case + +* Thu Feb 07 2013 Honza Horak 5.5.29-3 +- Packages need to provide also %%_isa version of mysql package +- Provide own symbols with real- prefix to distinguish from mysql + unambiguously +- Fix format for buffer size in error messages (MDEV-4156) +- Disable some tests that fail on ppc and s390 +- Conflict only with real-mysql, otherwise mariadb conflicts with ourself + +* Tue Feb 05 2013 Honza Horak 5.5.29-2 +- Let mariadb-libs to own /etc/my.cnf.d + +* Thu Jan 31 2013 Honza Horak 5.5.29-1 +- Rebase to 5.5.29 + https://kb.askmonty.org/en/mariadb-5529-changelog/ +- Fix inaccurate default for socket location in mysqld-wait-ready +- Resolves: #890535 + +* Thu Jan 31 2013 Honza Horak 5.5.28a-8 +- Enable obsoleting mysql + +* Wed Jan 30 2013 Honza Horak 5.5.28a-7 +- Adding necessary hacks for perl dependency checking, rpm is still + not wise enough +- Namespace sanity re-added for symbol default_charset_info + +* Mon Jan 28 2013 Honza Horak 5.5.28a-6 +- Removed %%{_isa} from provides/obsoletes, which doesn't allow + proper obsoleting +- Do not obsolete mysql at the time of testing + +* Thu Jan 10 2013 Honza Horak 5.5.28a-5 +- Added licenses LGPLv2 and BSD +- Removed wrong usage of %%{epoch} +- Test-suite is run in %%check +- Removed perl dependency checking adjustment, rpm seems to be smart enough +- Other minor spec file fixes + +* Tue Dec 18 2012 Honza Horak 5.5.28a-4 +- Packaging of MariaDB based on MySQL package +