if the client enabled --ssl-verify-server-cert, then
the server certificate is verified as follows:
* if --ssl-ca or --ssl-capath were specified, the cert must have
a proper signature by the specified CA (or CA in the path)
and the cert's hostname must match the server's hostname.
If the cert isn't signed or a hostname is wrong - the
connection is aborted.
* if MARIADB_OPT_TLS_PEER_FP was used and the fingerprint matches,
the connection is allowed, if it doesn't match - aborted.
* If the connection uses unix socket or named pipes - it's allowed.
(consistent with server's --require-secure-transport behavior)
otherwise the cert is still in doubt, we don't know if we can trust
it or there's an active MitM in progress.
* If the user has provided no password or the server requested an
authentication plugin that sends the password in cleartext -
the connection is aborted.
* Perform the authentication. If the server accepts the password,
it'll send SHA2(scramble || password hash || cert fingerprint)
with the OK packet.
* Verify the SHA2 digest, if it matches - the connection is allowed,
otherwise it's aborted.
Compare to Debian packaging of MariaDB 1:10.6.11-2 release at commit
2934e8a795
and sync upstream everything that is relevant for upstream and safe
to import on a stable 10.6 release.
* Use OpenSSL 1.1 from Debian Snapshots
0040c272bf
Related: https://jira.mariadb.org/browse/MDEV-30322
* Prefer using bullseye-backports in mosts tests over buster-bpo
daa827ecde
* Add new upgrade test for MySQL Community Cluster 8.0
3c71bec9b7
* Enable automatic datadir move also on upgrades from MySQL.com packages
4cbbcb7e56
* Update Breaks/Replaces
2cab13d059
* Normalize apt-get and curl commands
8754ea2578
* Standardize on using capitalized 'ON' in CMake build options
938757a85a
* Apply wrap-and-sort -av and other minor tweaks and inline documentation
NOTE TO MERGERS: This commit is made on 10.6 branch and can be merged to
all later branches (10.7, 10.8, ..., 11.0).
Put man3 pages in libmariadb-dev.install
Ignore /usr/share/mysql/*.jar because CI
environment inconsistent in the availablity of
java to compile parts.
Make the Debian build fail if it detects that the build (CMake) created
files that are not used in any package nor accounted in the special
not-installed file.
Stop creating symbolic links in Debian packaging for files that the CMake
build already created.
Document known cases of files that are intentionally not installed.
Leave the rest in the not-installed list for visibility. The list can
later be trimmed down and having the --fail-missing will prevent any new
unaccounted files from being introduced.
Note that despite extensive refactoring in the Debian packaging files,
there was no changes in the packages produced as verified by package
files lists before and after.
- Make full contents, also header files, explicit in -dev packages
fb77df0c75
- Don't ship private header files at all.
- Ship both libmariadb.pc and maridb.pc.
- Ship mysql_config only as a symlink.
- Keep 'mariadbcheck' as symlink as somebody could have used it already
d0466f74d5
- The mariadb.pc is the server pkg-config, ship in libmariadbd-dev.
- The client pkg-config is called libmariadb.pc. Ship only it in the client
library packages.
Use versioned breaks/replaces for mysql* packages we also provide and fix:
[ERROR] libmariadb-dev conflicts with libmysqlclient-dev files:
{'/usr/share/man/man1/mysql_config.1.gz', '/usr/share/aclocal/mysql.m4'}
[ERROR] libmariadb-dev conflicts with libmysqld-dev files:
{'/usr/lib/x86_64-linux-gnu/libmysqlservices.a'}
As this was missing, the libmariadb/install.cmake section for Debian
builds was not triggered at all, and existing fixes to make the
Debian paths correct did not apply.
Update libmariadb3 paths in Debian packaging after MariaDB Connector C
3.1.8 upgrade
Also now include caching_sha2_password.so which was previously omitted.
Keep old libmariadbclient.a as symbolic link for backwards compatibility.
Closes: CONC-304
Related: CONC-456, MDEV-22150
This fixes Lintian errors and warnings:
E: mariadb-client-10.5: manpage-not-compressed usr/share/man/man1/mariadb-analyze.1
E: mariadb-client-10.5: manpage-not-compressed usr/share/man/man1/mariadb-optimize.1
E: mariadb-client-10.5: manpage-not-compressed usr/share/man/man1/mariadb-repair.1
E: mariadb-client-10.5: manpage-not-compressed usr/share/man/man1/mysqlanalyze.1
E: mariadb-client-10.5: manpage-not-compressed usr/share/man/man1/mysqloptimize.1
E: mariadb-client-10.5: manpage-not-compressed usr/share/man/man1/mysqlrepair.1
W: mariadb-client-10.5: binary-without-manpage usr/bin/mariadb-conv
W: libmariadb-dev: binary-without-manpage usr/bin/mariadb_config
If the binary name is mariadb_config, the manpage needs to be mariadb_config.1.
Also run 'wrap-and-sort -a -v' to get lists in correct order.
In addition, sort .gitignore and remove duplicate lines.
To change all executables to have a mariadb name I had to:
- Do name changes in every CMakeLists.txt that produces executables
- CREATE_MARIADB_SYMLINK was removed and GET_SYMLINK added by Wlad to reuse the function in other places also
- The scripts/CMakeLists.txt could make use of GET_SYMLINK instead of introducing redundant code, but I thought I'll leave that for next release
- A lot of changes to debian/.install and debian/.links files due to swapping of real executable and symlink. I did not however change the name of the manpages, so the real name is still mysql there and mariadb are symlinks.
- The Windows part needed a change now when we made the executables mariadb -named. MSI (and ZIP) do not support symlinks and to not break backward compatibility we had to include mysql named binaries also. Done by Wlad
Matching libmariadb-dev package contents in official Debian repositories,
the MariaDB Connector/C files should go into a folder using the 'mariadb'
name. For compatibility with sources that expect to find 'mysql' stuff,
create a symlink from include/mysql to include/mariadb.
Using this package any source that expects MySQL Client libraries should
build without changes. Sources that expect MariaDB Connector C should
build using only libmariadb-dev.
Current MariaDB Connector/C does not build quite identically in
this source tree compared to how it build in Debian official.
The remaining differences are tracked in MDEV-14921.
The libmariadb-dev package must include this directory so that downstream
developers can intentionally include MariaDB libraries as they want.
This matches the contents of the official Debian libmariadb-dev package.
The symlink
/usr/lib/libmysqlclient.so -> /usr/lib/libmysqlclient.so.18
was invalid, because the library was not in /usr/lib.
The correct symlink is
/usr/lib/x86_64-linux-gnu/libmysqlclient.so -> /usr/lib/x86_64-linux-gnu/libmysqlclient.so.18
The new library name libmariadb3 matches the libmariadb.so.3 filename.
Packages that want to build against MariaDB Connector C have as
build-dependency libmariadb-dev and as run-time dependency libmariadb3.
Make the package provide libmariadbclient18 for backwards compatibility,
though compatibility is not always assured. There library did change
to a whole new generation after all, even though ABI compatibility has
been a design goal.
Also do the equivalent change for the -dev package. Packages that
explicitly want to use the MariaDB Connector C should mark it as
their build-depends.
Also provide an empty libmariadbclient18 metapackage to facilitate
upgrades from old MariaDB installs, just like there is an empty
libmysqlclient18 package. Create more of these in the future as needed.
2016-11-20 10:49:12 +02:00
Renamed from debian/libmariadbclient-dev.install (Browse further)
