Commit graph

2615 commits

Author SHA1 Message Date
Yuriy Kohut
ce3d0cd5b4 MDEV-35407 Suppress STDERR while determining rpm package vendor
... and version in %prein scriptlet

%prein(MariaDB-server-11.4.3-1.el9.x86_64) scriptlet failed, exit status 1

The message is:
"The current MariaDB server package is provided by a different vendor (warning: Signature not supported. Hash algorithm SHA1 not available. MariaDB Foundation)".

The "warning: Signature not supported. Hash algorithm SHA1 not available." is taken from the STDERR.

warning: Signature not supported. Hash algorithm SHA1 not available.
gpg-pubkey-73e3b907-6581b071

rpm package vendor and version should be grepped from STDIN only.

Reviewer: Daniel Black
2024-11-13 10:24:30 +11:00
Sergei Golubchik
8ac30517af MDEV-34384 restorecon call in RPM POSTIN script has hardcoded datadir path 2024-07-17 21:25:40 +02:00
Christian Hesse
3d2e54ff8c MDEV-20053: update systemd unit
Now that we have proper paths in `galera_recovery` changing the
directory is no longer required.
2024-06-22 17:19:49 +10:00
Daniel Black
76a27155b4 MDEV-33301 memlock with systemd still not working
.. even with MDEV-9095 fix

CapabilityBounding sets require filesystem setcap attributes
for the executable to gain privileges during execution.

A side effect of this however is the getauxvec(AT_SECURE) gets
set, and the secure_getenv from OpenSSL internals on
OPENSSL_CONF environment variable will get ignored (openssl gh issue
21770).

According to capabilities(7), Ambient capabilities don't trigger
ld.so triggering the secure execution mode.

Include SELinux and Apparmor capabilities for ipc_lock
2024-03-27 13:36:31 +11:00
Daniel Black
ee2ed1a036 Revert "MDEV-33636: RPM caps is on mariadbd exe"
This was the orginal implementation that reverted with a bunch of
commits.

This reverts commit a13e521bc5.

Revert "cmake: append to the array correctly"
This reverts commit 51e3f1daf5.

Revert "build failure with cmake < 3.10"
This reverts commit 49cf702ee5.

Revert "MDEV-33301 memlock with systemd still not working"
This reverts commit 8a1904d782.
2024-03-27 13:36:31 +11:00
Daniel Black
8a1904d782 MDEV-33301 memlock with systemd still not working
CapabilityBoundingSet included CAP_IPC_LOCK in MDEV-9095, however
it requires that the executable has the capability marked in extended
attributes also.

The alternate to this is raising the RLIMIT_MEMLOCK for the service/
process to be able to complete the mlockall system call. This needs to
be adjusted to whatever the MariaDB server was going to allocate.
Rather than leave the non-obvious mapping of settings and tuning,
add the capability so its easier for the user.

We set the capability, if possible, but may never be used depending
on user settings. As such in the Debian postinst script, don't
complain if this fails.

The CAP_IPC_LOCK also facilitates the mmaping of huge memory pages.
(see man mmap), like mariadb uses with --large-pages.
2024-02-15 12:58:13 +11:00
Sergei Golubchik
98a39b0c91 Merge branch '10.4' into 10.5 2023-12-02 01:02:50 +01:00
Daniel Black
d4be70afb4 MDEV-30236 set TaskMax=99% in the MariaDB systemd unit
Originally requested to be infinity, but rolled back to 99%
to allow for a remote ssh connection or the odd needed system
job. This is up from 15% which is the effective default of
DefaultTasksMax.

Thanks Rick Pizzi for the bug report.
2023-11-16 09:03:03 +11:00
Marko Mäkelä
f8f7d9de2c Merge 10.4 into 10.5 2023-09-11 11:29:31 +03:00
Sergei Golubchik
fe86d04ea7 MDEV-30904 "rpm --setugids" breaks PAM authentication
move user/group creation from %post to %pre as Fedora packaging
guidelines say. This allows to use %attr() to set the correct
ownership of files
2023-09-06 22:38:41 +02:00
Andrew Hutchings
161ce045a7 Revert "use environment file in systemd units for _WSREP_START_POSITION"
This reverts commit 6c40590405.
2023-08-08 15:46:39 +01:00
Andrew Hutchings
48e6918c94 Revert "update galera_new_cluster to use environment file"
This reverts commit b54e4bf00b.
2023-08-08 15:46:39 +01:00
Christian Hesse
b54e4bf00b update galera_new_cluster to use environment file
Now that the systemd unit files use an environment file to pass
_WSREP_START_POSITION we have to update galera_new_cluster as well.
2023-08-02 17:16:37 +01:00
Christian Hesse
6c40590405 use environment file in systemd units for _WSREP_START_POSITION
We used to run `systemctl set-environment` to pass
_WSREP_START_POSITION. This is bad because:

* it clutter systemd's environment (yes, pid 1)
* it requires root privileges
* options (like LimitNOFILE=) are not applied

Let's just create an environment file in ExecStartPre=, that is read
before ExecStart= kicks in. We have _WSREP_START_POSITION around for the
main process without any downsides.
2023-08-02 17:16:37 +01:00
Daniel Black
0f351b620a rpm: server-post - use mariadb-install-db 2022-12-14 20:52:06 +00:00
Daniel Black
72f1384c3a Merge branch 10.4 into 10.5 2022-12-13 09:57:19 +11:00
Julius Goryavsky
a491400833 MDEV-29814: galera_var_notify_ssl_ipv6 causes testing system to hang
This commit fixes the test system hanging due to
the galera_var_notify_ssl_ipv6 test and also brings
the wsrep_notify[_ssl].sh files in line with each other
between the user template and the mtr suite.

Quotes are also added here to avoid problems if the
user specifies the value of one of the variables at the
beginning of the file containing shell-specific characters,
for example, if the password or username specified in the
PSWD and USER variables will contain the "$" character.

Also fixed an issue with automatic --ssl-verify-server-cert
option substitution when the corresponding value is set
by the user to "1" or "on".

Also fixed some tests here to avoid joining one of the nodes
to another cluster when the nodes are restarted from the mtr
side, which can lead to random failures when testing with
buildbot.
2022-12-10 01:11:55 +01:00
Daniel Black
7b44d0ba57
MDEV-23230 wsrep files installed when built without WSREP (#2334)
Prevent wsrep files from being installed if WITH_WSREP=OFF.

Reviewed by Daniel Black
Additionally excluded #include wsrep files and galera* files
along with galera/wsrep tests.

mysql-test/include/have_wsrep.inc remainds as its used by
a few isolated tests.

Co-authored-by: Chris Ross <cross2@cisco.com>
2022-11-28 18:21:03 +00:00
Marko Mäkelä
977c385df3 Merge 10.4 into 10.5 2022-10-12 11:29:32 +03:00
Julius Goryavsky
3f5b03c415 MDEV-21905: Galera test galera_var_notify_cmd causes hang
The problem is related to performing operations without switching
wsrep off, this commit fixes this and allows disabled tests.
2022-10-11 08:37:13 +02:00
Marko Mäkelä
de078e060e Merge 10.4 into 10.5 2022-10-06 08:29:56 +03:00
Marko Mäkelä
65d0c57c1a Merge 10.3 into 10.4 2022-10-05 20:30:57 +03:00
Julius Goryavsky
19f0b96d53 MDEV-27682: bundled wsrep_notify.sh causes mariadbd to freeze during start
This commit adds automation that will reduce the possibility
of user errors when customizing wsrep_notify.sh (in particular
caused by user-specified parameters). Now all leading and trailing
spaces are removed from the user-specified parameters and automatic
port and host address substitution has been added to scripts, as
well as automatic password substitution to the client command line,
only if it is specified in the wsrep_notify.sh and not as empty
strings. Also added support for automatic substitution of the all
SSL-related parameters and improved parsing for ipv6 addresses
(to allow "[...]" notation for ipv6 addresses). Also added a
test to check if the wsrep notify script will works with SSL.
2022-10-04 13:16:17 +02:00
Marko Mäkelä
098c0f2634 Merge 10.4 into 10.5 2022-07-27 17:17:24 +03:00
Oleksandr Byelkin
3bb36e9495 Merge branch '10.3' into 10.4 2022-07-27 11:02:57 +02:00
Sergei Golubchik
6313702278 MDEV-26568 RPM logic prohibiting server major upgrade no longer works as expected
prevent %{VERSION} in the shell command to be expanded by rpmbuild
2022-07-05 21:09:59 +02:00
Marko Mäkelä
a9d0bb12e6 Merge 10.4 into 10.5 2022-06-09 12:22:55 +03:00
Marko Mäkelä
c89e3b70a7 Merge 10.3 into 10.4 2022-06-09 11:53:46 +03:00
GuiXiaoDi
9c207c88c1 mysql.server.sh fix for non-Red Hat platforms
The else condition is meant to be here to define the functions
if the Red Hat include file isn't there.

Fixes: commit 467011bcac / MDEV-26614

RedHat -> Red Hat by Daniel Black
2022-06-09 13:09:44 +10:00
Marko Mäkelä
cac995ec6f Merge 10.4 into 10.5 2022-02-17 11:58:25 +02:00
Marko Mäkelä
f921db7aa5 Merge 10.3 into 10.4 2022-02-17 11:33:08 +02:00
Marko Mäkelä
5b237e5965 Merge 10.2 into 10.3 2022-02-17 10:53:58 +02:00
Jonathan Sabbe
9f429a2dd1 fix: Fix 'unknown type usermodehelper_t' issue after upgrading to MariaDB 10.4.24 2022-02-17 15:30:58 +11:00
Oleksandr Byelkin
cf63eecef4 Merge branch '10.4' into 10.5 2022-02-01 20:33:04 +01:00
Oleksandr Byelkin
a576a1cea5 Merge branch '10.3' into 10.4 2022-01-30 09:46:52 +01:00
Oleksandr Byelkin
41a163ac5c Merge branch '10.2' into 10.3 2022-01-29 15:41:05 +01:00
Monty
008c02c987 MDEV-27477 Remaining SUSE patches for 10.2+
This patch fixes the logrotate config file for mariadb.
Read more at https://www.novell.com/support/kb/doc.php?id=7005219

Source:
https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-10.0.15-logrotate-su.patch
2022-01-27 16:12:16 +02:00
Monty
93a5fb0025 MDEV-27477 Remaining SUSE patches for 10.2+
This patch let's you specify not only user to use but also group that
MariaDB should use.

Original patch:
https://github.com/openSUSE/mysql-packaging/blob/master/patches/mysql-patches/mariadb-10.2.3-group.patch

Author:   Kristyna Streitova
Reviewer: monty@mariadb.org
2022-01-27 14:43:21 +02:00
Daniel Black
8b3b73808d MDEV-27635: selinux: allow read of /proc/sys/kernel/core_pattern
Prevent the error:

setroubleshoot[23678]: SELinux is preventing /usr/libexec/mysqld from read access on the file core_pattern.

Reading of the core pattern occurs on crash as added in MDEV-15051

RHEL-7.7

$  ls -laZ /proc/sys/kernel/core_pattern
-rw-r--r--. root root system_u:object_r:usermodehelper_t:s0 /proc/sys/kernel/core_pattern
2022-01-27 10:50:50 +11:00
Tuukka Pasanen
25f598f54f MDEV-26317: Add SYSTEMD_READWRITEPATH variable to mariadb.service.in-file
Add SYSTEMD_READWRITEPATH-variable to mariadb{@,}.service.in to make sure that
if one is not building RPM or DEB packages then make sure there is ReadWritePaths
directive is defined in systemd service file.

This ensures that tar-ball installation has permissions to write database default
installation path (default: /usr/local/mysql/data) even if it's located
under /usr. Writing to that location is prevented by 'ProtectSystem=full'
systemd directive by default.

Prefixing the path with "-" in systemd causes there to not be an error if the
path doesn't exist. This may occur if the user has configured a datadir
elsewhere.

Reviewer: Daniel Black
2022-01-07 17:51:20 +11:00
Daniel Black
5d57e04b27 MDEV-27386: cpack rpm libsepol installed detects verison incorrectly
... when two packages are installed.

(fc35 with i686 and x86_64 packages of libsepol installed).
$ rpm -q --qf "%{VERSION}" libsepol
3.33.3

Restricting the version to the current achitecture generates
a much more obtainable version dependency.

$ rpm -q --qf "%{VERSION}" libsepol.x86_64
3.3

This make dependency resolution easier preventing:
$ sudo dnf localinstall  MariaDB-server-10.8.0-1.fc35.x86_64.rpm ...
Last metadata expiration check: 2:06:49 ago on Thu 30 Dec 2021 14:02:32.
Error:
 Problem 1: conflicting requests
  - nothing provides libsepol >= 3.33.3 needed by MariaDB-server-10.8.0-1.fc35.x86_64

The CMAKE_SYSTEM_PROCESSOR is used in the generation of architecture
filenames so its preduent to just use the same version.
2021-12-30 19:48:26 +11:00
Marko Mäkelä
83c4523f03 Merge 10.4 into 10.5 2021-09-24 17:32:50 +03:00
Marko Mäkelä
69bd2c88e1 Merge 10.3 into 10.4 2021-09-24 16:52:30 +03:00
Marko Mäkelä
d7aa81c862 Merge 10.2 into 10.3 2021-09-24 16:51:12 +03:00
Alexey Bychko
467011bcac MDEV-26612 Two different ways to start MariaDB service can cause data corruption
RedHat systems have both files for lsb and init functions.
Old code was written as if/else, so second file (RedHat-specific) was not processed.
So, systemd redirect didn't work, because its logic is described in
RedHat-specific functions file
2021-09-24 15:02:47 +07:00
Oleksandr Byelkin
ae6bdc6769 Merge branch '10.4' into 10.5 2021-07-31 23:19:51 +02:00
Oleksandr Byelkin
7841a7eb09 Merge branch '10.3' into 10.4 2021-07-31 22:59:58 +02:00
Rucha Deodhar
534553897f MDEV-24248: my_print_defaults is not taking all the values when using -e
option which is called from mysql.server (extra_args).

Fix: change mysql.server script to use --defaults-extra-file instead of -e
2021-07-23 12:39:25 +05:30
Sergei Golubchik
6190a02f35 Merge branch '10.2' into 10.3 2021-07-21 20:11:07 +02:00
Rucha Deodhar
826eab3f9b Revert "MDEV-24248: my_print_defaults is not taking all the values when using -e"
This reverts commit f88d130e71.
2021-07-15 17:07:22 +05:30