Rotating binary/relay logs can cause interuption to the processing
on the server. Binary and relay logs have their own mechanism already
for not getting out of control (expire_logs_days).
By no longer rotating binary and relay logs log rotation is limited to
the following logs:
* error log
* general log
* slow query log
Writing these to the binary log would cause any logrotation on the
slave to occur twice, once due to this and another due to the log-
rotate script on the slave. Now --local is passed to mysqladmin to
prevent this duplication.
In Debian, the default install is made more secure by omitting the anonymous
user and by making the root account authenticate by unix socket
authentication instead of the default password-less root. However, Debian
hard-codes this change in mysql_install_db, which breaks that program for
other users.
This commit instead implements new general options for mysql_install_db that
can be used by anyone to similarly perform a more secure install:
--skip-auth-anonymous-user: omits the anonymous user.
--auth-root-authentication-method=normal: Keeps the existing behaviour
with a password-less root account. Currently on by default.
--auth-root-socket-user=USER
--auth-root-authentication-method=socket: creates the MariaDB root user
with the name USER (defaults to 'root') and using unix socket
authentication. This way, only that user has MariaDB root access
after install.
The idea with --auth-root-authentication-method=normal is that
applications that need this behaviour can give that option explicitly.
Then eventually we could make --auth-root-authentication-method=socket
the default, giving a more secure default installation.
Note that it is perfectly possible to do a secure install with
--auth-root-authentication-method=normal. For example, installing a
private server just for local access by a single OS-level user, by
using --skip-networking and putting the connection socket in a
location without public access. So it is important to preserve this
API for backwards compatibility.
* Update mysqld_safe script to remove duplicated parameter --crash-script
* Make --core-file-size accept underscores as well as dashes correctly.
* Add mysqld_safe_helper to Debian and Ubuntu files.
* Update innodb minor version to 35
For backwards compatibility reasons.
E.g. innotop builds against libmysqlclient.so and expects to find
a libmysqlclient.so.18 library and does not use libmariadb.so.3 even
when built from our own sources.
This commit mimics to dcfe6cb834
This is required, as the innochecksum binary has moved package.
Without this change the following error would be emitted:
Unpacking mariadb-server-core-10.2 (10.2.3+maria~jessie) over (10.2.2+maria-1~jessie) ...
dpkg: error processing archive /var/cache/apt/archives/mariadb-server-core-10.2_10.2.3+maria~jessie_amd64.deb (--unpack):
trying to overwrite '/usr/bin/innochecksum', which is also in package mariadb-client-10.2 10.2.2+maria-1~jessie
Quite often in upgrades on systemd systems dpkg emitted an error like:
Failed to stop mysql.service: Unit mysql.service not loaded.
invoke-rc.d: initscript mysql, action "stop" failed.
invoke-rc.d returned 5
There is a MySQL server running, but we failed in our attempts to stop it.
Stop it yourself and try again!
dpkg: error processing archive /var/cache/apt/archives/mariadb-server-10.2
This is because the mariadb/mysql.service file is not loaded during
the upgrade/unpack stage of dpkg in certain situations. With this simple
check we can easily skip the shutdown step when it is really not needed,
which is for sure the case if no mysqld process at all is running on the
entire system.
In Debian many existing applications in Debian/Ubuntu have been built
while libmariadbclient-dev or libmariadbclient-dev-compat was installed.
To satisfy installation dependencies, the package name libmariadbclient18
must be provided, and at runtime a shared library must by the name
libmariadbclient.so.18.
Provide these to remain backwards compatible.
The new library name libmariadb3 matches the libmariadb.so.3 filename.
Packages that want to build against MariaDB Connector C have as
build-dependency libmariadb-dev and as run-time dependency libmariadb3.
Make the package provide libmariadbclient18 for backwards compatibility,
though compatibility is not always assured. There library did change
to a whole new generation after all, even though ABI compatibility has
been a design goal.
Also do the equivalent change for the -dev package. Packages that
explicitly want to use the MariaDB Connector C should mark it as
their build-depends.
Also provide an empty libmariadbclient18 metapackage to facilitate
upgrades from old MariaDB installs, just like there is an empty
libmysqlclient18 package. Create more of these in the future as needed.
Since Debian 9 (Stretch) and Ubuntu 16.10 (Yakkety) the following
packages have existed:
* virtual-mysql-client
* virtual-mysql-client-core
* virtual-mysql-server
* virtual-mysql-server-core
* virtual-libmysqlclient-dev
They are metapackages that in Debian depend on MariaDB and in
Ubuntu currently on MySQL. We need to provide them and point
them to MariaDB so that systems that have the mariadb.org
repositories enabled automatically get everything MariaDB
and not MySQL.
This change makes the packaging provide the four first ones,
and later commits will fix the client library issues.
libmariadbd19 was intended to be added as the package that
included the libmysqld shared library. This was missing
from the debian control file.
The libmariadbd-dev package requires libmariadbd19 to provide
the shared library.
The shared libraries for embedded mysql will go into the libmariadbd18
package rather than the libmariadbd-dev development package.
/usr/bin/mariadb_config is a executable that assists embedded developers
to use the correctly correct header and library files during their
development.
Signed-off-by: Daniel Black <daniel.black@au.ibm.com>
Previously private/*.h where included in the package. These represent internal
mysqld structures that aren't guarenteed to provide a stable ABI.
There aren't intended to be used by embedded mysqld applications so
they have been removed.
Signed-off-by: Daniel Black <daniel.black@au.ibm.com>
The control file contents must be correct from the start and cannot
be modified at build time by CMake. Also all static Debian package
analyzers will fail to see all manipulations by CMake later on.
It is best to do all manipulations like these in autobake-deb.sh.
The build must stay under the Travis-CI 50 minute limit. Currently
they often exceed, and the huge test suite is the single most long
step in moving/packaging files, so remove it on Travis-CI automatically.
Also sort control file slightly to be easier to compare to downstream
control file and include gdb for automatic backtraces if the test suite
fails.
Delete duplicate man page installation.
Make mariadb-test breaks/replaces mariadb-server-5.5
as /usr/lib/mysql/plugin/adt_null.so changed package.
For Debian the rules file is the main makefile and assuming that a upstream
makefile will mangle the Debian packaging files creates false alerts
from static analysis tools and other problems.
There is no need for a separate mariadb-test metapackage and a versioned
mariadb-test-* package. Simply make it versionless and make it depend on
the client and server packages that stem from same source version.
These changes update the contents and behaviour of current packages
to match the current packaging in Debian official repos.
Keep mtr test scope small.
Updating maintainer scripts also required regenerating the translations.
Rules based on modern dh_* buildtools.
Update control file with new Debian conventions:
- Provide virtual-mysql-* virtual packages
- Recommends perl modules instead of Depends
Now we check if a dependency is available and not just if older versions
are available. Also use correct name of libcrack2 to actually detect it.
Use sed to inject dependency at the end of the dependency list.
Otherwise keep the control line clean and parseable by Debian tools.
- All build-depends should be in one place.
- Library packages should depend on their main package using strict version.
- Most packages should depend on the misc variable, so that debhelper
can fill in it with various calculated dependencies automatically.
- All packages using dynamic libraries should depend on the shlibs variable
to include shared libraries as dependencies automatically.
- Essential tools like bsdutils, grep and tar shall not be defined in vain.
When acting as a Galera receiver node, server startup may take
more than 30 secs (the current default) as it has to wait for
SST/IST operation to complete besides spending some time doing
wsrep recovery.
Fixed by raising the default value of MYSQLD_STARTUP_TIMEOUT
to 60 secs. Also sourced /etc/default/mariadb into the init
script so that it can be used to set MYSQLD_STARTUP_TIMEOUT.
Logrotate script assumed an error if mysqladmin failed to connect to server
and there's mysqld process exists. However there can be non-system instance of
mysqld running (e.g. in docker) making this assumption wrong.
Check pid file existance instead.
Unmask the systemd mysql.service if left behind by mysql-server-5.6
Without this a simple 'apt-get install mariadb-server' would end
up with a system where mysqld is not running despite it was
running OK with mysql-server-5.6 installed, and users might wrongly
think mariadb-server package is broken when the real cause was
the removal of mysql-server-5.6 that left a /etc/systemd/system/
file behind pointing to /dev/null.
Set umask so that newly created file is not readable by others. This is a quick
fix to close security gap. To be replaced by MDEV-8375 - passwordless root
login.
