- make re-bootstrap run with all extra options, not only InnoDB ones
- re-use previously created bootstrap.sql
- add --console
- fix debian patch to keep it applicable
Rotating binary/relay logs can cause interuption to the processing
on the server. Binary and relay logs have their own mechanism already
for not getting out of control (expire_logs_days).
By no longer rotating binary and relay logs log rotation is limited to
the following logs:
* error log
* general log
* slow query log
Writing these to the binary log would cause any logrotation on the
slave to occur twice, once due to this and another due to the log-
rotate script on the slave. Now --local is passed to mysqladmin to
prevent this duplication.
In Debian, the default install is made more secure by omitting the anonymous
user and by making the root account authenticate by unix socket
authentication instead of the default password-less root. However, Debian
hard-codes this change in mysql_install_db, which breaks that program for
other users.
This commit instead implements new general options for mysql_install_db that
can be used by anyone to similarly perform a more secure install:
--skip-auth-anonymous-user: omits the anonymous user.
--auth-root-authentication-method=normal: Keeps the existing behaviour
with a password-less root account. Currently on by default.
--auth-root-socket-user=USER
--auth-root-authentication-method=socket: creates the MariaDB root user
with the name USER (defaults to 'root') and using unix socket
authentication. This way, only that user has MariaDB root access
after install.
The idea with --auth-root-authentication-method=normal is that
applications that need this behaviour can give that option explicitly.
Then eventually we could make --auth-root-authentication-method=socket
the default, giving a more secure default installation.
Note that it is perfectly possible to do a secure install with
--auth-root-authentication-method=normal. For example, installing a
private server just for local access by a single OS-level user, by
using --skip-networking and putting the connection socket in a
location without public access. So it is important to preserve this
API for backwards compatibility.
* Update mysqld_safe script to remove duplicated parameter --crash-script
* Make --core-file-size accept underscores as well as dashes correctly.
* Add mysqld_safe_helper to Debian and Ubuntu files.
* Update innodb minor version to 35
When acting as a Galera receiver node, server startup may take
more than 30 secs (the current default) as it has to wait for
SST/IST operation to complete besides spending some time doing
wsrep recovery.
Fixed by raising the default value of MYSQLD_STARTUP_TIMEOUT
to 60 secs. Also sourced /etc/default/mariadb into the init
script so that it can be used to set MYSQLD_STARTUP_TIMEOUT.
Logrotate script assumed an error if mysqladmin failed to connect to server
and there's mysqld process exists. However there can be non-system instance of
mysqld running (e.g. in docker) making this assumption wrong.
Check pid file existance instead.
Unmask the systemd mysql.service if left behind by mysql-server-5.6
Without this a simple 'apt-get install mariadb-server' would end
up with a system where mysqld is not running despite it was
running OK with mysql-server-5.6 installed, and users might wrongly
think mariadb-server package is broken when the real cause was
the removal of mysql-server-5.6 that left a /etc/systemd/system/
file behind pointing to /dev/null.
Set umask so that newly created file is not readable by others. This is a quick
fix to close security gap. To be replaced by MDEV-8375 - passwordless root
login.
Make dependency on mysql-common package in debian/control
versioned to force that it is installed together with the other
mariadb-* packages. This ensures that the init.d and systemd
files for MariaDB mysqld are the ones from MariaDB.org repos.
This is useful for developers who run autobake-deb.sh directly
from the source tree as the resulting source tar package will be
90% smaller and all operations regarding it consequently 10x faster.
This should make the provides/breaks/replaces/conflicts lines
work properly when upgrading from mysql-5.6 to mariadb-packages.
Conflicts:
debian/control
The only difference between the files was the Debian standards
line by one micro version. There was no logical motivation why
there was separate control file for Debian and Ubuntu.
The new debian/control file lives directly at the correct location
and has the correct contents.
Modify autobake.sh to take into account new control file location.
myisam_recover is only an alias for myisam_recover_options.
Use the option name instead of the alias is more correct.
This also avoids an note about the use of an alias instead of the option
name on every server start.
A comment in debian/mariadb-server-10.1.postinst says: "can safely run on
upgrades with existing databases". While this is true there're a few reasons not
to do that:
- it increases installation time (it has to run rather heavy mysqld multiple times)
- as well as it increases mysqld downtime
- it may fail if database has some plugin specific configs (see MDEV-8437)
- there should be no need to run this script on upgrade: they should be handled
by mysql_upgrade to
- RPM postin doesn't call it if database directory exists
Also postinst is not supposed to create database directories: let
mysql_install_db do that intead.
There was code that was supposed to "catch upgrades from previous versions where
the root password wasn't set". But it is wrong in many regards:
- it is supposed to be executed against running server, but at this point server
should be down, which makes this code no-op
- if the above is fixed, root password will be requested twice (initial root
password request + this one)
- it asks for a password only once, while "initial root password request" asks
twice (password + password verification)
- it may give false positive if unix socket based authentication is in effect
Removed this code since it didn't work for quite a while (at least since
mysql-5.1) and nobody cared about it.
