PARSEC: Password Authentication using Response Signed with Elliptic Curve
new authentication plugin that uses salted passwords,
key derivation, extensible password storage format,
and both server- and client-side scrambles.
It signs the response with ed25519, but it uses stock
unmodified ed25519 as provided by OpenSSL/WolfSSL/GnuTLS.
Edited by: Sergei Golubchik
Import only the required functions instead of all the functions from the
module to reduce the unnecessary functions in the namespace and prevent
shadowing. Note: All code changes are non-functional.
All new code of the whole pull request, including one or several
files that are either new files or modified ones, are contributed
under the BSD-new license. I am contributing on behalf of my
employer Amazon Web Services, Inc.
As is everywhere in mariadbd is used it more than
convienient to use mariadbd-safe than mysql_safe
in init script also in upstream test use output
mariadb-test-run-junit.xml than mysql-test-run-junit.xml
Adapted from upstream commit 8171f9da87 but separated only the datadir
section from the commit and wrote it in a way that does not trigger
Shellcheck or English grammar nags.
This check is intentionally not added to the preinst script as was done
upstream in 30fb72ca6e as the preinst script will always create the
data directory if missing, and thus checking for it right after the
creation is moot.
Fix a large amount of minor fixes to maintainer scripts and other done
downstream in the official Debian packaging.
Changes include:
38198d0b9e
> Limit check of running mysqld/mariadbd to system users (Closes: #1032047)
>
> If a random user has their own copy of mysqld/mariadbd running, the
> dpkg maintainer script should not care about it.
8116354d22
> Make error more helpful in case server restart fails (Related: #1033234)
>
> Bugs such as https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033234
> and https://bugs.launchpad.net/ubuntu/+source/mariadb-10.6/+bug/2011293
> show that currently dpkg stopping on service stop/start does not have
> a very helpful error message.
8675e97202
> Complement upstream commits with more complete mysql->mariadb conversion
>
> The upstream commit 952af4a1 missed some places where 'mysql' or
> 'MySQL' can and should be converted to use 'mariadb' or 'MariaDB'.
c983613300
> Fix indentation in Debian post and pre scripts
>
> There is several misindentation inside Debian post and pre
> installation scripts. False indentation with space as indent space
> should be 2 and indentation with tabs.
>
> Adopt upstream commit 7cbb45d1 in Debian by conserving customizations
> in:
> - debian/mariadb-server.postinst
> - debian/mariadb-server.postrm
> - debian/mariadb-server.preinst
d0bcab443f
> Ensure spaces are used everywhere instead of tabs for indentation
0300a9157c
> Complement previous upstream commits to fix Shellcheck issues
>
> - Unify if/then and while/do on separate lines
> - Fix indentation to be consistent
> - Use "$()" instead of backticks for subshells
> - Exit code cannot be -1, must be 0-255
> - Remove unused variables MYCHECK and MYCHECK_PARAMS
> - Rewrite messy command-line database calls to an easier to read form
> that does exactly the same
> - Use 'command -v' test instead of 'which'
>
> With this commit, all of debian/* is Shellcheck clean.
Also
* Update mariadb.conf.d template to tell users where to create logdir
if they are not using journald
* Remove use of work 'slave'
* Add minor workaround for Debian Bug #1022994 if TMPDIR is empty
* Make start/stop in maintainer scripts correctly check mariadbd
ownership and only start/stop processes owned by root or 'mysql'
* Remove obsolete 'NO_UPDATE_BUILD_VERSION=1' as it did not affect the
RocksDB build reproducibility as previously assumed
* Run 'wrap-and-sort -av'
- Unify on MTR_SKIP_TEST_LIST in both d/rules and autopkgtests
- Unify MTR command in both d/rules and autopkgtests
- Make d/rules section more verbose to help debugging why tests
sometimes ran and sometimes not
- If MTR fails, make the log a bit more verbose
(inspired by https://github.com/MariaDB/buildbot/pull/76/files)
The way DPKG_GENSYMBOLS_CHECK_LEVEL was exported did not actually
have any effect on the build. Fix the syntax so that build will
indeed fail if there there are new symbols in new upstream version.
Based on riscv64 build logs the RocksDB plugin currently builds fine on
it, and the riscv64 platform is 64-bit and has correct endianness for
RocksDB, so all the pre-requisites for it working exist, so it should
work.
Make sure that Debian respects systemd disabled by bumping
to deb compat 11 which is available from Debian 10 and Ubuntu 20.04
and it provides better integration with systemd.
Start using dh_installsystemd which is new recommended way
in compat 11
As mariadb.pc contains mostly the same than
libmariadb.pc and it mainly only creates distortion
for client developers. They use libmariadb.pc not mariadb.pc
(which is for embbeded use mainly).
Move mariadb.pc to not-installed from libmariadbd-dev
to clear out this situation
There is some package-contains-documentation-outside-usr-share-doc that
are better to be there than move somewhere else. They are:
* mariadb-server: package-contains-documentation-outside-usr-share-doc [usr/share/mysql/errmsg-utf8.txt]
* mariadb-server-core: package-contains-documentation-outside-usr-share-doc [usr/share/mysql/charsets/README]
* mariadb-test: package-contains-documentation-outside-usr-share-doc [usr/share/mysql/mysql-test/README]
Also fix Mroonga
* mariadb-plugin-mroonga: extra-license-file [usr/share/mysql/mroonga/COPYING]
There is couple spare-manual-page problems which means that
there is man page but no binary for that.
wsrep_sst_backup is in not-installed and man page is in
mariadb-server package. Move man page also to not-installed
mysql-test-run.pl is in unusual location which makes
lintian think that it not available.
There is unused override which is not needed an polluting
output
* unused-override arch-dependent-file-not-in-arch-specific-directory usr/bin/mariadb_config [usr/share/lintian/overrides/libmariadb-dev:2]
Lintian warn that mariadb-common and mysql-common descriptions
are sypnosis as they contain dot but dots are used in other
purposes so they are just false-positives:
* mysql-common: synopsis-is-a-sentence "MariaDB client common configuration files package (e.g. /etc/mysql/my.cnf)"
* mariadb-server: unused-debconf-template mariadb-server/old_data_directory_saved [templates:2]
Lot's of binaries have 'spelling errors' which are there in
purpose and they are simply false positives some list of them
are:
* I: libmariadbd19: spelling-error-in-binary noone no one [usr/lib/x86_64-linux-gnu/libmariadbd.so.19]
* I: libmariadbd19: spelling-error-in-binary thats that's [usr/lib/x86_64-linux-gnu/libmariadbd.so.19]
* I: libmariadbd19: spelling-error-in-binary theres there's [usr/lib/x86_64-linux-gnu/libmariadbd.so.19]
* I: libmariadbd19: spelling-error-in-binary yuR your [usr/lib/x86_64-linux-gnu/libmariadbd.so.19]
* I: mariadb-backup: spelling-error-in-binary exising existing [usr/bin/mariadb-backup]
* I: mariadb-backup: spelling-error-in-binary noone no one [usr/bin/mariadb-backup]
...
There is lot of warnings like this:
* source-contains-autogenerated-visual-c++-file [extra/wolfssl/wolfssl/IDE/WIN10/resource.h]
* source-contains-autogenerated-visual-c++-file [extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.rc]
* source-contains-autogenerated-visual-c++-file [extra/wolfssl/wolfssl/resource.h]
* source-contains-autogenerated-visual-c++-file [storage/columnstore/columnstore/dbcon/ddlpackageproc/libddlpackageproc.rc]
* source-contains-autogenerated-visual-c++-file [storage/columnstore/columnstore/dbcon/ddlpackageproc/resource.h]
* source-contains-autogenerated-visual-c++-file [storage/columnstore/columnstore/dbcon/dmlpackageproc/libdmlpackageproc.rc]
Which are needed and should be there. They are just false-positives
Also MariaDB rebuilds these Java arhives but they are available for testing purposes still
so they are also false-positives
* source-contains-prebuilt-java-object [storage/connect/mysql-test/connect/std_data/JavaWrappers.jar]
* source-contains-prebuilt-java-object [storage/connect/mysql-test/connect/std_data/JdbcMariaDB.jar]
* source-contains-prebuilt-java-object [storage/connect/mysql-test/connect/std_data/Mongo2.jar]
* source-contains-prebuilt-java-object [storage/connect/mysql-test/connect/std_data/Mongo3.jar]
Some packages are needed to conflict packages that are not in
this package and they emerge some warnings. Remove them from
lintian output as they are not errors or something that should
be handled.
I: libmariadb-dev: conflicts-with-version libmariadb-dev-compat (<< 3.0.0)
I: libmariadb-dev-compat: conflicts-with-version libmariadbclient-dev (<< 1:10.11.8+maria~deb11)
I: libmariadb3: conflicts-with-version libmariadbclient18 (<< 10.2.0)
I: mariadb-client: conflicts-with-version mysql-client (<< 5.0.51)
I: mariadb-client-core: conflicts-with-version mysql-client (<< 5.0.51)
lintian output
Lintian have many warnings that there is shebang '/bin/sh' which can
be populary /bin/bash or /bin/zsh but also many others like Ksh
or even Fish.
Warned lintian problems are testing that are run under Bash or some other
shell so they are or they are words in comments like let
* I: mariadb-client: bash-term-in-posix-shell '`echo "testing\c"' [usr/bin/mariadb-secure-installation:191]
* I: mariadb-server: bash-term-in-posix-shell '${BASH_VERSION' [usr/share/mysql/wsrep_notify:86]
* I: mariadb-server: bash-term-in-posix-shell '[ "$url" ==' [usr/bin/mariadbd-safe:216]
* I: mariadb-server: bash-term-in-posix-shell 'let' [usr/bin/mariadbd-safe:41]
* I: mariadb-server: bash-term-in-posix-shell 'ulimit' [usr/bin/mariadbd-safe:712]
* I: mariadb-server: bash-term-in-posix-shell 'ulimit' [usr/bin/mariadbd-safe:832]
* I: mariadb-server-core: bash-term-in-posix-shell 'source tree,' [usr/bin/mariadb-install-db:93]
* I: mariadb-test-data: bash-term-in-posix-shell '${BASH_VERSION' [usr/share/mysql/mysql-test/std_data/wsrep_notify.sh:87]
* I: mariadb-test-data: bash-term-in-posix-shell '${BASH_VERSION' [usr/share/mysql/mysql-test/std_data/wsrep_notify_ssl.sh:87]
These are not big ones.
These are needed in *BSD family
* incorrect-path-for-interpreter /usr/bin/env perl != /usr/bin/perl [usr/share/mysql/mysql-test/mariadb-stress-test.pl]
* incorrect-path-for-interpreter /usr/bin/env perl != /usr/bin/perl [usr/share/mysql/mysql-test/mariadb-test-run.pl]
and these are needed to make sure that these packages get removed if they exist:
* version-substvar-for-external-package Replaces ${source:Version} libmariadb-dev -> libmysqlclient-dev [debian/control:*]
* version-substvar-for-external-package Replaces ${source:Version} libmariadb-dev -> libmysqld-dev [debian/control:*]
* version-substvar-for-external-package Replaces ${source:Version} libmariadbd-dev -> libmariadbclient-dev [debian/control:*]
There is not-installed static libraries which only
have x86-64 path so they will be installed in other
architectures like ARM. Fix them replacing with '*'
char
* W: mariadb source: unwanted-path-too-specific
Lintian overdrives tends to rot and with Debian 12
Lintian got overhaul with syntax changes which made
most of the old overrides obsoleted. Change old ones
to new ones and remove unneeded onews also add some
needed overrides.
* W: mariadb-test-data: mismatched-override *
- There was serveral old syntax overrides which should be just removed
* W: mariadb-test-data: national-encoding *
- There is lot's test files which are in ISO/IEC 8859-1 encoding
and not UTF-8 for purpose. Remove then from polluting lintian
* W: mariadb-plugin-provider-bzip2: mismatched-override
* W: mariadb-plugin-provider-lz4: mismatched-override
* W: mariadb-plugin-provider-lzma: mismatched-override
* W: mariadb-plugin-provider-lzo: mismatched-override
* W: mariadb-plugin-provider-snappy: mismatched-override
- Remove old style overrides from packages
* W: mariadb-test: shared-library-lacks-prerequisites [usr/lib/mysql/plugin/auth_0x0100.so]
* W: mariadb-test: shared-library-lacks-prerequisites [usr/lib/mysql/plugin/debug_key_management.so]
* W: mariadb-test: shared-library-lacks-prerequisites [usr/lib/mysql/plugin/test_sql_service.so]
- These libraries are like that for a purpose
Debian control file has few lintian warning level notifications
* mariadb-test: breaks-without-version mariadb-server-5.5
- Several packages conflicts with mariadb-server-5.5 but
on mariadb-test breaks without it so it's controversial
and can be resolved only with conflicting in mariadb-test
* W: libmariadbd-dev: extended-description-line-too-long line 6
* W: mariadb-plugin-cracklib-password-check: extended-description-line-too-long line 4
- Lines are too long (over 80 chars) and they are just separated
to new line.
Blindly recursive chown is not way to do it.
This Workaround is not much better than just chown -R but
there is small adjustment just chown MariaDB statedir and logdir
then with find only chown those files that are not correctly
owned.
Fixes lintian warnings:
* W: mariadb-server: recursive-privilege-change "chown -R" [postinst:*]
* W: mariadb-server: recursive-privilege-change "chown -R" [postinst:*]
There is no need for a character-set-server configuration when utf8mb4
is now the server default.
Also remove the character-set-collations as its no longer required and
the uca1400_ai_ci is now the default for all character sets that support
it. ref: MDEV-25829 / MDEV-34430.
Since MDEV-25829 Change default Unicode collation to uca1400_ai_ci
there is no need to set character-set-collations explicitly as its
the default.
Further mode the change in defaults affects all character sets that
support the uca1400_ai_ci collation.
