There is no need for a character-set-server configuration when utf8mb4
is now the server default.
Also remove the character-set-collations as its no longer required and
the uca1400_ai_ci is now the default for all character sets that support
it. ref: MDEV-25829 / MDEV-34430.
Since MDEV-25829 Change default Unicode collation to uca1400_ai_ci
there is no need to set character-set-collations explicitly as its
the default.
Further mode the change in defaults affects all character sets that
support the uca1400_ai_ci collation.
When building on 64-bit kernel machine in 32-bit docker container
CMake falsely (but it works as expected) detects that container
runtime in also 64-bits. Use linux32 command to change runtime
enviroment to 32-bit and then CMake will correctly disable for
example ColumnStore and not try to build it
This commit only works with debian/autobake-debs.sh
Moving to use Debian systemd install and uninstall scripts
caused duplicated DEBHELP to server postrm script. Commit
removes unneeded and makes postrm work better and pass lintian
tests
The debian/rules removed sufficient version information from the
downstream version, however the mariadb upstream has a +
separator from the suffix.
While we are at it, remove the Debian/Ubuntu revision -1.
Other revisions used:
* Debian unstable (inherited to both Debian and Ubuntu if package unchanged): 1:10.11.6-2
* Ubuntu stable updates example: 1:10.11.6-0ubuntu0.23.10.2
* Debian stable updates example: 1:10.11.4-1~deb12u1
The result is compulation with:
-DMYSQL_SERVER_SUFFIX="-1:10.4.34+maria~deb10" \
Compared to Debian:
-DMYSQL_SERVER_SUFFIX="-1~deb12u1" \
The impact comes into play with SELECT VERSION():
10.4.34-MariaDB-1:10.4.34+maria~deb10
A more abbreviated form of the following is much more human/machine parsable:
10.6.16-MariaDB~ubu2004
Reviewer: Otto Kekäläinen
The libpmem dependency that had been added in
commit 3daef523af (MDEV-17084)
did not achieve any measurable performance improvement when
comparing the same PMEM device with and without "mount -o dax"
using the Linux ext4 file system.
Because Red Hat has deprecated libpmem, let us remove the code
altogether.
Note: This is a 10.6 version of
commit 3f9f5ca48e
which will retain PMEM support in MariaDB Server 10.11.
Because the Red Hat Enterprise Linux 8 core repository does not include
libpmem, let us implement the necessary subset ourselves.
pmem_persist(): Implement for 64-bit x86, ARM, POWER, RISC-V, Loongarch
in a way that should be compatible with the https://github.com/pmem/pmdk/
implementation of pmem_persist().
The CMake option WITH_INNODB_PMEM can be used for enabling or disabling
this interface at compile time. By default, it is enabled on all applicable
systems that are covered by our CI system.
Note: libpmem had not been previously enabled for Loongarch in our
Debian packaging. It was enabled for RISC-V, but we will not enable it
by default on RISC-V or Loongarch because we lack CI coverage.
The generated code for x86_64 was reviewed and tested on two
Intel implementations: one that only supports clflush, and
another that supports both clflushopt and clwb.
The generated machine code was also reviewed on https://godbolt.org
using various compiler versions. Godbolt helpfully includes an option
to compile to binary code and display the encoding, which was
useful on POWER.
Reviewed by: Vladislav Vaintroub
This was the orginal implementation that reverted with a bunch of
commits.
This reverts commit a13e521bc5.
Revert "cmake: append to the array correctly"
This reverts commit 51e3f1daf5.
Revert "build failure with cmake < 3.10"
This reverts commit 49cf702ee5.
Revert "MDEV-33301 memlock with systemd still not working"
This reverts commit 8a1904d782.
CapabilityBoundingSet included CAP_IPC_LOCK in MDEV-9095, however
it requires that the executable has the capability marked in extended
attributes also.
The alternate to this is raising the RLIMIT_MEMLOCK for the service/
process to be able to complete the mlockall system call. This needs to
be adjusted to whatever the MariaDB server was going to allocate.
Rather than leave the non-obvious mapping of settings and tuning,
add the capability so its easier for the user.
We set the capability, if possible, but may never be used depending
on user settings. As such in the Debian postinst script, don't
complain if this fails.
The CAP_IPC_LOCK also facilitates the mmaping of huge memory pages.
(see man mmap), like mariadb uses with --large-pages.
Instead of having a separate plugin, simply include Spider in the main
MariaDB Server package and let users manually enable on server installs
where they want to run it.
The script wsrep_sst_backup was introduced on MariaDB 10.3 in commit
9b2fa2a. The new script was automatically included in RPM packages but not
in Debian packages (which started to fail on warning about stray file).
Include wsrep_sst_backup in the mariadb-server-10.5+ package, and also
include a stub man page so that packaging of a new script is complete.
Related:
https://galeracluster.com/documentation/html_docs_20210213-1355-master/documentation/backup-cluster.html
This commit was originally submitted in May 2022 in
https://github.com/MariaDB/server/pull/2129 but upstream indicated only
in May 2023 that it might get merged, thus this is for a later release.
All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.
While a -f debian/mariadb-plugin-columnstore.install idempotent check
existed, the tying of the install file to the control file has some
weaknesses.
Used sed as an alternative to replace the debian/control
mariadb-plugin-columnstore package defination and replace it with the
one from the columnstore submodule.
if the client enabled --ssl-verify-server-cert, then
the server certificate is verified as follows:
* if --ssl-ca or --ssl-capath were specified, the cert must have
a proper signature by the specified CA (or CA in the path)
and the cert's hostname must match the server's hostname.
If the cert isn't signed or a hostname is wrong - the
connection is aborted.
* if MARIADB_OPT_TLS_PEER_FP was used and the fingerprint matches,
the connection is allowed, if it doesn't match - aborted.
* If the connection uses unix socket or named pipes - it's allowed.
(consistent with server's --require-secure-transport behavior)
otherwise the cert is still in doubt, we don't know if we can trust
it or there's an active MitM in progress.
* If the user has provided no password or the server requested an
authentication plugin that sends the password in cleartext -
the connection is aborted.
* Perform the authentication. If the server accepts the password,
it'll send SHA2(scramble || password hash || cert fingerprint)
with the OK packet.
* Verify the SHA2 digest, if it matches - the connection is allowed,
otherwise it's aborted.