Date: Thursday, November 7, 2019 @ 22:20:50 Author: eworm Revision: 367180
archrelease: copy trunk to testing-x86_64 Added: mariadb/repos/testing-x86_64/ mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 367179, mariadb/trunk/0001-arch-specific.patch) mariadb/repos/testing-x86_64/0002-systemd-sysusers-tmpfiles.patch (from rev 367179, mariadb/trunk/0002-systemd-sysusers-tmpfiles.patch) mariadb/repos/testing-x86_64/0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch (from rev 367179, mariadb/trunk/0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch) mariadb/repos/testing-x86_64/PKGBUILD (from rev 367179, mariadb/trunk/PKGBUILD) mariadb/repos/testing-x86_64/mariadb.install (from rev 367179, mariadb/trunk/mariadb.install) ------------------------------------------------------------------+ 0001-arch-specific.patch | 90 +++ 0002-systemd-sysusers-tmpfiles.patch | 65 ++ 0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch | 34 + PKGBUILD | 226 ++++++++++ mariadb.install | 25 + 5 files changed, 440 insertions(+)
Copied: mariadb/repos/testing-x86_64/0001-arch-specific.patch (from rev 367179, mariadb/trunk/0001-arch-specific.patch)
===================================================================
--- testing-x86_64/0001-arch-specific.patch (rev 0)
+++ testing-x86_64/0001-arch-specific.patch 2019-11-07 22:20:50 UTC (rev 367180)
@@ -0,0 +1,90 @@
+From 07abbcbbe129a4c44c58fa2496b0921e52a759c2 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <m...@eworm.de>
+Date: Tue, 29 Jan 2019 23:12:01 +0100
+Subject: enable PrivateTmp for a little bit more security
+---
+ support-files/mariadb.service.in | 2 +-
+ support-files/mari...@.service.in | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in
+index 8d43b6db428..a96fbcc9d2c 100644
+--- a/support-files/mariadb.service.in
++++ b/support-files/mariadb.service.in
+@@ -117,7 +117,7 @@ UMask=007
+
+ # If you don't use the /tmp directory for SELECT ... OUTFILE and
+ # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security.
+-PrivateTmp=false
++PrivateTmp=true
+
+ ##
+ ## Options previously available to be set via [mysqld_safe]
+diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in
+index a2f5cff0828..30631a8738a 100644
+--- a/support-files/mari...@.service.in
++++ b/support-files/mari...@.service.in
+@@ -138,7 +138,7 @@ UMask=007
+
+ # If you don't use the /tmp directory for SELECT ... OUTFILE and
+ # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security.
+-PrivateTmp=false
++PrivateTmp=true
+
+ ##
+ ## Options previously available to be set via [mysqld_safe]
+From 0e4a158086b765aa3a12b84646aefb9b192443f7 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <m...@eworm.de>
+Date: Tue, 29 Jan 2019 23:12:54 +0100
+Subject: force preloading jemalloc for memory management
+---
+ support-files/mariadb.service.in | 1 +
+ support-files/mari...@.service.in | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in
+index a96fbcc9d2c..6bb5d4227b9 100644
+--- a/support-files/mariadb.service.in
++++ b/support-files/mariadb.service.in
+@@ -140,6 +140,7 @@ LimitNOFILE=16364
+ # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths
+ # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD).
+ # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=
++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"
+
+ # Flush caches. previously [mysqld_safe] flush-caches=1
+ # ExecStartPre=sync
+diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in
+index 83d75f80b87..d1d24d685f9 100644
+--- a/support-files/mari...@.service.in
++++ b/support-files/mari...@.service.in
+@@ -161,6 +161,7 @@ LimitNOFILE=16364
+ # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths
+ # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD).
+ # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=
++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"
+
+ # Flush caches. previously [mysqld_safe] flush-caches=1
+ # ExecStartPre=sync
+From 820b47c1e70d36f1272cca3ddbdf4bbd2dd62bde Mon Sep 17 00:00:00 2001
+From: Christian Hesse <m...@eworm.de>
+Date: Wed, 30 Jan 2019 00:46:47 +0100
+Subject: remove aliases from systemd unit files
+---
+ support-files/mariadb.service.in | 2 --
+ support-files/mari...@.service.in | 2 --
+ 2 files changed, 4 deletions(-)
+
+diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in
+index 8d43b6db428..d7fa6bf5b14 100644
+--- a/support-files/mariadb.service.in
++++ b/support-files/mariadb.service.in
+@@ -20,8 +20,6 @@ After=network.target
+
+ [Install]
+ WantedBy=multi-user.target
+-Alias=mysql.service
+-Alias=mysqld.service
+
+
+ [Service]
Copied: mariadb/repos/testing-x86_64/0002-systemd-sysusers-tmpfiles.patch (from rev 367179, mariadb/trunk/0002-systemd-sysusers-tmpfiles.patch)
===================================================================
--- testing-x86_64/0002-systemd-sysusers-tmpfiles.patch (rev 0)
+++ testing-x86_64/0002-systemd-sysusers-tmpfiles.patch 2019-11-07 22:20:50 UTC (rev 367180)
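Review bot: The third commit in this patch file (`remove aliases from systemd unit files`) lists `support-files/mari...@.service.in | 2 --` and `2 files changed, 4 deletions(-)` in its diffstat, but the file ends after the single `mariadb.service.in` hunk, so only two `Alias=` lines are actually removed. Either the diffstat is stale or the template-unit section was dropped; if the instantiated unit still carries `Alias=` lines, they would presumably overlap with the `mysqld@.service` symlink the PKGBUILD creates. Restoring the missing section, or correcting the header to `1 file changed, 2 deletions(-)`, would keep the patch self-consistent and easier to audit.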
@@ -0,0 +1,65 @@
+From aef4f58adf90e9fee4348c1cf6484faeae159255 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <m...@eworm.de>
+Date: Tue, 2 Jan 2018 14:32:21 +0100
+Subject: [PATCH 1/2] Use descriptive file names for sysusers and tmpfiles
+ configuration
+
+These files were installed to:
+
+${INSTALL_SYSTEMD_SYSUSERSDIR}/sysusers.conf
+${INSTALL_SYSTEMD_TMPFILESDIR}/tmpfiles.conf
+
+Instead rename the files to more descriptive file names 'mariadb.conf'.
+
+Signed-off-by: Christian Hesse <m...@eworm.de>
+---
+ support-files/CMakeLists.txt | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/support-files/CMakeLists.txt b/support-files/CMakeLists.txt
+index 3655c87b94e..63443245e6e 100644
+--- a/support-files/CMakeLists.txt
++++ b/support-files/CMakeLists.txt
+@@ -118,7 +118,8 @@ IF(UNIX)
+ CONFIGURE_FILE(sysusers.conf.in
+ ${CMAKE_CURRENT_BINARY_DIR}/sysusers.conf @ONLY)
+ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/sysusers.conf
+- DESTINATION ${INSTALL_SYSTEMD_SYSUSERSDIR} COMPONENT Server)
++ DESTINATION ${INSTALL_SYSTEMD_SYSUSERSDIR}
++ RENAME mariadb.conf COMPONENT Server)
+ ENDIF()
+
+ IF(INSTALL_SYSTEMD_TMPFILESDIR)
+@@ -126,7 +127,8 @@ IF(UNIX)
+ CONFIGURE_FILE(tmpfiles.conf.in
+ ${CMAKE_CURRENT_BINARY_DIR}/tmpfiles.conf @ONLY)
+ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/tmpfiles.conf
+- DESTINATION ${INSTALL_SYSTEMD_TMPFILESDIR} COMPONENT Server)
++ DESTINATION ${INSTALL_SYSTEMD_TMPFILESDIR}
++ RENAME mariadb.conf COMPONENT Server)
+ ENDIF()
+
+ # @ in directory name broken between CMake version 2.8.12.2 and 3.3
+From 974bd397ff3492c57799e11a02cc3c07081bb1fc Mon Sep 17 00:00:00 2001
+From: Christian Hesse <m...@eworm.de>
+Date: Tue, 2 Jan 2018 14:36:49 +0100
+Subject: [PATCH 2/2] Make systemd-tmpfiles create MYSQL_DATADIR
+
+This is a no-op if the directory exists, but makes sure it is created by
+systemd-tmpfiles with proper permissions otherwise.
+
+This solves packaging issues when the user MYSQLD_USER is created by
+systemd-sysusers and uid is not known in advance.
+
+Signed-off-by: Christian Hesse <m...@eworm.de>
+---
+ support-files/tmpfiles.conf.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in
+index 03d66abc0c7..3c89cb258c9 100644
+--- a/support-files/tmpfiles.conf.in
++++ b/support-files/tmpfiles.conf.in
+@@ -1 +1,2 @@
+ d @MYSQL_UNIX_DIR@ 0755 @MYSQLD_USER@ @MYSQLD_USER@ -
++d @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ -
Copied: mariadb/repos/testing-x86_64/0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch (from rev 367179, mariadb/trunk/0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch)
===================================================================
--- testing-x86_64/0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch (rev 0)
+++ testing-x86_64/0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch 2019-11-07 22:20:50 UTC (rev 367180)
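Review bot: The description of PATCH 2/2 calls the new `d @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ -` line a no-op when the directory exists, but tmpfiles.d(5) documents that `d` also adjusts the mode and ownership of an existing directory. A data directory that an administrator deliberately set up with a different mode or group would therefore be reset to 0700 on every systemd-tmpfiles run. That is a safe default for database files, yet it deserves a comment above the line such as `# existing datadir is re-owned to @MYSQLD_USER@ and set to 0700 on each tmpfiles run`.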
@@ -0,0 +1,34 @@
+From 471952a37f2523a00d2b4fd617128b3fa9d0cf03 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <m...@eworm.de>
+Date: Fri, 25 Jan 2019 14:50:53 +0100
+Subject: [PATCH 1/1] fix galera_recovery with fs.protected_regular enabled
+
+The fs.protected_regular sysctls was added in Linux 4.19 to make some
+data spoofing attacks harder. With systemd v241 these will be enabled
+by default.
+
+With this protection enabled galera_recovery fails with EPERM
+(permission denied). This is caused by a wrong security measure:
+The script changes ownership of $log_file to $user, though $user never
+touches it. The shell redirection writes output to the file, not mysqld.
+So just drop chown to fix this.
+
+Signed-off-by: Christian Hesse <m...@eworm.de>
+---
+ scripts/galera_recovery.sh | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh
+index 709c4b0eed5..8df2abc3fd5 100644
+--- a/scripts/galera_recovery.sh
++++ b/scripts/galera_recovery.sh
+@@ -101,8 +101,7 @@ wsrep_recover_position() {
+
+ # Safety checks
+ if [ -n "$log_file" -a -f "$log_file" ]; then
+- [ "$euid" = "0" ] && chown $user $log_file
+- chmod 600 $log_file
++ chmod 600 $log_file
+ else
+ log "WSREP: mktemp failed"
+ fi
Copied: mariadb/repos/testing-x86_64/PKGBUILD (from rev 367179, mariadb/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2019-11-07 22:20:50 UTC (rev 367180)
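Review bot: The retained `chmod 600 $log_file` expands the path unquoted even though the test on the line above quotes it; `chmod 600 "$log_file"` keeps a temporary directory name with spaces or glob characters from being split. With the chown gone the file stays owned by the invoking user, which matches the commit message's reasoning that only the shell redirection writes to it. The else branch only logs `WSREP: mktemp failed`; whether wsrep_recover_position stops there is outside the hunk and worth confirming, since the function body continues beyond these lines.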
@@ -0,0 +1,226 @@
+# Maintainer: Bartłomiej Piotrowski <bpiotrow...@archlinux.org>
+# Maintainer: Christian Hesse <m...@eworm.de>
+
+pkgbase=mariadb
+pkgname=('mariadb-libs' 'mariadb-clients' 'mariadb' 'mytop')
+pkgdesc='Fast SQL database server, derived from MySQL'
+pkgver=10.4.10
+pkgrel=1
+arch=('x86_64')
+license=('GPL')
+url='https://mariadb.org/'
+makedepends=('boost' 'bzip2' 'cmake' 'jemalloc' 'libaio' 'libxml2' 'lz4' 'lzo'
+ 'openssl' 'systemd' 'zlib' 'zstd')
+validpgpkeys=('199369E5404BD5FC7D2FE43BCBCB082A1BB943DB') # MariaDB Package Signing Key <package-signing-...@mariadb.org>
+source=("https://downloads.mariadb.org/interstitial/mariadb-${pkgver}/source/mariadb-${pkgver}.tar.gz"{,.asc}
+ '0001-arch-specific.patch'
+ '0002-systemd-sysusers-tmpfiles.patch'
+ '0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch')
+sha256sums=('cd50fddf86c2a47405737e342f78ebd40d5716f0fb32b976245de713bed01421'
+ 'SKIP'
+ 'ce72ea1563ad773e00e8b1c299babea176abae1102827c2f743921e9de615041'
+ '3e83467af80fbd53400a201a34fc858b88509ea8e88b10709947eb66545f9457'
+ 'c8c801f80924ccb97b499552fe1c532b3ebf8f86cdfc0d23715d4adb1a8810f0')
+
+prepare() {
+ cd $pkgbase-$pkgver/
+
+ # Arch Linux specific patches:
+ # * enable PrivateTmp for a little bit more security
+ # * force preloading jemalloc for memory management
+ # * remove aliases in systemd unit files
+ patch -Np1 < ../0001-arch-specific.patch
+
+ # MDEV-17028 Fix glitches with systemd sysusers and tmpfiles:
+ # * Use descriptive file names for sysusers and tmpfiles configuration
+ # * Make systemd-tmpfiles create MYSQL_DATADIR
+ # https://github.com/MariaDB/server/pull/530
+ patch -Np1 < ../0002-systemd-sysusers-tmpfiles.patch
+
+ # fix galera_recovery with fs.protected_regular enabled
+ # https://github.com/MariaDB/server/pull/1137
+ patch -Np1 < ../0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch
+}
+
+build() {
+ local _cmake_options=(
+ # build options
+ -DCOMPILATION_COMMENT="Arch Linux"
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo
+ -Wno-dev
+
+ # file paths
+ # /etc
+ -DINSTALL_SYSCONFDIR=/etc
+ -DINSTALL_SYSCONF2DIR=/etc/my.cnf.d
+ # /run
+ -DINSTALL_UNIX_ADDRDIR=/run/mysqld/mysqld.sock
+ # /usr
+ -DCMAKE_INSTALL_PREFIX=/usr
+ # /usr/bin /usr/include
+ -DINSTALL_SCRIPTDIR=bin
+ -DINSTALL_INCLUDEDIR=include/mysql
+ # /usr/lib
+ -DINSTALL_PLUGINDIR=lib/mysql/plugin
+ -DINSTALL_SYSTEMD_UNITDIR=/usr/lib/systemd/system/
+ -DINSTALL_SYSTEMD_SYSUSERSDIR=/usr/lib/sysusers.d/
+ -DINSTALL_SYSTEMD_TMPFILESDIR=/usr/lib/tmpfiles.d/
+ # /usr/share
+ -DINSTALL_SHAREDIR=share
+ -DINSTALL_SUPPORTFILESDIR=share/mysql
+ -DINSTALL_MYSQLSHAREDIR=share/mysql
+ -DINSTALL_DOCREADMEDIR=share/doc/mariadb
+ -DINSTALL_DOCDIR=share/doc/mariadb
+ -DINSTALL_MANDIR=share/man
+ # /var
+ -DMYSQL_DATADIR=/var/lib/mysql
+
+ # default settings
+ -DDEFAULT_CHARSET=utf8mb4
+ -DDEFAULT_COLLATION=utf8mb4_unicode_ci
+
+ # features
+ -DENABLED_LOCAL_INFILE=ON
+ -DPLUGIN_EXAMPLE=NO
+ -DPLUGIN_FEDERATED=NO
+ -DPLUGIN_FEEDBACK=NO
+ -DWITH_EMBEDDED_SERVER=ON
+ -DWITH_EXTRA_CHARSETS=complex
+ -DWITH_JEMALLOC=ON
+ -DWITH_LIBWRAP=OFF
+ -DWITH_PCRE=bundled
+ -DWITH_READLINE=ON
+ -DWITH_SSL=system
+ -DWITH_SYSTEMD=yes
+ -DWITH_UNIT_TESTS=OFF
+ -DWITH_ZLIB=system
+ )
+
+ mkdir build
+ cd build
+
+ cmake ../"$pkgbase-$pkgver" "${_cmake_options[@]}"
+
+ make
+}
+
+check() {
+ cd build/mysql-test
+
+ # Takes *really* long, so disabled by default.
+ #./mtr --parallel=5 --mem --force --max-test-fail=0
+}
+
+package_mariadb-libs() {
+ pkgdesc='MariaDB libraries'
+ depends=('bzip2' 'libaio' 'lz4' 'lzo' 'openssl' 'xz' 'zlib')
+ conflicts=('libmysqlclient' 'libmariadbclient' 'mariadb-connector-c')
+ provides=('libmariadbclient' 'mariadb-connector-c')
+ replaces=('libmariadbclient')
+
+ cd build
+
+ for dir in libmariadb libmysqld libservices include; do
+ make -C "$dir" DESTDIR="$pkgdir" install
+ done
+
+ ln -s mariadb_config "$pkgdir"/usr/bin/mysql_config
+ install -D -m0644 "$srcdir"/"$pkgbase-$pkgver"/man/mysql_config.1 "$pkgdir"/usr/share/man/man1/mysql_config.1
+
+ install -D -m0644 support-files/mariadb.pc "$pkgdir"/usr/share/pkgconfig/mariadb.pc
+ install -D -m0644 "$srcdir"/"$pkgbase-$pkgver"/support-files/mysql.m4 "$pkgdir"/usr/share/aclocal/mysql.m4
+
+ cd "$pkgdir"
+
+ # remove static libraries
+ rm usr/lib/*.a
+}
+
+package_mariadb-clients() {
+ pkgdesc='MariaDB client tools'
+ depends=("mariadb-libs=${pkgver}" 'jemalloc')
+ conflicts=('mysql-clients')
+ provides=("mysql-clients=$pkgver")
+
+ cd build
+
+ make -C client DESTDIR="$pkgdir" install
+
+ # install man pages
+ for man in mysql mysql_plugin mysql_upgrade mysqladmin mysqlbinlog mysqlcheck mysqldump mysqlimport mysqlshow mysqlslap mysqltest; do
+ install -D -m0644 "$srcdir"/"$pkgbase-$pkgver"/man/"$man.1" "$pkgdir"/usr/share/man/man1/"$man.1"
+ done
+}
+
+package_mariadb() {
+ pkgdesc='Fast SQL database server, derived from MySQL'
+ backup=('etc/my.cnf'
+ 'etc/my.cnf.d/client.cnf'
+ 'etc/my.cnf.d/enable_encryption.preset'
+ 'etc/my.cnf.d/mysql-clients.cnf'
+ 'etc/my.cnf.d/server.cnf')
+ install=mariadb.install
+ depends=("mariadb-clients=${pkgver}" 'inetutils' 'systemd-libs' 'libxml2' 'zstd')
+ optdepends=('galera: for MariaDB cluster with Galera WSREP'
+ 'perl-dbd-mysql: for mysqlhotcopy, mysql_convert_table_format and mysql_setpermission')
+ conflicts=('mysql')
+ provides=("mysql=$pkgver")
+ options=('emptydirs')
+
+ cd build
+
+ make DESTDIR="$pkgdir" install
+
+ cd "$pkgdir"
+
+ # no SysV init, please!
+ rm -r etc/logrotate.d
+ rm usr/bin/rcmysql
+ rm usr/share/mysql/{binary-configure,mysql{,d_multi}.server}
+
+ # link service files with old name for compatibility
+ ln -s mariadb.service usr/lib/systemd/system/mysqld.service
+ ln -s mariadb@.service usr/lib/systemd/system/mysqld@.service
+
+ # move to proper licenses directories
+ install -d usr/share/licenses/mariadb
+ mv usr/share/doc/mariadb/COPYING* usr/share/licenses/mariadb/
+
+ # move it where one might look for it
+ mv usr/share/{groonga{,-normalizer-mysql},doc/mariadb/}
+
+ # already installed to real systemd unit directory or useless
+ rm -r usr/share/mysql/systemd/
+ rm -r usr/lib/systemd/system/mariadb@bootstrap.service.d
+
+ # provided by mariadb-libs
+ rm usr/bin/mariadb_config
+ rm usr/bin/mysql_config
+ rm -r usr/include/
+ rm usr/share/man/man1/mysql_config.1
+ rm -r usr/share/{aclocal,pkgconfig}
+ rm usr/lib/lib*
+ rm usr/lib/mysql/plugin/{auth_gssapi_client,caching_sha2_password,client_ed25519,dialog,mysql_clear_password,sha256_password}.so
+ rm -r usr/lib/pkgconfig/
+
+ # provided by mariadb-clients
+ rm usr/bin/mysql{,_plugin,_upgrade,admin,binlog,check,dump,import,show,slap,test}
+ rm usr/bin/mariadb{,-{admin,binlog,check,dump,import,plugin,show,slap,test,upgrade}}
+ rm usr/share/man/man1/mysql{,_plugin,_upgrade,admin,binlog,check,dump,import,show,slap,test}.1
+
+ # provided by mytop
+ rm usr/bin/mytop
+
+ # not needed
+ rm -r usr/{data,mysql-test,sql-bench}
+ rm usr/share/man/man1/mysql-test-run.pl.1
+}
+
+package_mytop() {
+ pkgdesc='Top clone for MariaDB'
+ depends=('perl' 'perl-dbd-mysql' 'perl-term-readkey')
+
+ cd build
+
+ install -D -m0755 scripts/mytop "$pkgdir"/usr/bin/mytop
+}
Copied: mariadb/repos/testing-x86_64/mariadb.install (from rev 367179, mariadb/trunk/mariadb.install)
===================================================================
--- testing-x86_64/mariadb.install (rev 0)
+++
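Review bot: `-DENABLED_LOCAL_INFILE=ON` in `_cmake_options` is a security-relevant default that carries no explanation. With LOAD DATA LOCAL enabled by default, a server that a client connects to can presumably ask that client to send local files, so the choice should be deliberate and visible to administrators. A comment next to the flag would do, for example `# LOAD DATA LOCAL stays enabled by default; set local_infile=0 to disable`. `-DWITH_PCRE=bundled` similarly means PCRE fixes reach this package only through a MariaDB rebuild, which could be noted the same way.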
testing-x86_64/mariadb.install 2019-11-07 22:20:50 UTC (rev 367180)
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+post_install() {
+ echo ":: You need to initialize the MariaDB data directory prior to starting"
+ echo " the service. This can be done with mariadb-install-db command, e.g.:"
+ echo " mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql"
+}
+
+post_upgrade() {
+ # show for feature release: 10.1 -> 10.2 -> 10.3 -> ...
+ if [ $(vercmp "${1%.*-*}" "${2%.*-*}") -ne 0 ]; then
+ echo ":: MariaDB was updated to a new feature release. To update the data run:"
+ echo " systemctl restart mariadb.service && mariadb-upgrade -u root -p"
+ fi
+
+ # return if old package version greater 10.4...
+ (( $(vercmp $2 '10.4') > 0 )) && return
+
+ # upgrade from pre-10.4...
+ echo ":: MariaDB configuration layout changed."
+ echo " -> The main configuration file now is: /etc/my.cnf"
+ echo " -> Instantiated services (mariadb@foo.service) do not longer read their"
+ echo " own configuration file but use group suffix (configuration block"
+ echo " '[mysqld.foo]') in main configuration file."
+}
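Review bot: post_upgrade uses the bash-only `(( ... ))` construct under a `#!/bin/sh` shebang and passes `$2` and the `vercmp` output unquoted. If `vercmp` prints nothing, `[ $(vercmp ...) -ne 0 ]` becomes a malformed test instead of a clean comparison. Quoting both, as in `if [ "$(vercmp "${1%.*-*}" "${2%.*-*}")" -ne 0 ]; then` and `(( $(vercmp "$2" '10.4') > 0 )) && return`, and either changing the shebang to bash or replacing the arithmetic test with a `[ ... -gt 0 ]` comparison, would make the scriptlet behave the same under any interpreter.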