Your message dated Mon, 16 Jan 2023 05:40:14 +0000
with message-id <[email protected]>
and subject line Bug#1022994: fixed in mariadb 1:10.11.1-1
has caused the Debian Bug report #1022994,
regarding mariadb-server: Initial DB creation fails with libpam-tmpdir installed
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1022994: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022994
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mariadb-server
Version: 1:10.6.10-1
Severity: important
Tags: upstream
Dear Maintainer,
This bug has been reported upstream but may need a workaround in Debian.
https://jira.mariadb.org/browse/MDEV-29910
Description
-----------
On Debian GNU/Linux, when the package libpam-tmpdir is installed,
mysql_install_db script fails during post install setup. As a result, mariadb
daemon fails to start. The following error message is shown:
rm -rf /var/lib/mysql ; mysql_install_db --rpm --cross-bootstrap --user=mysql
--disable-log-bin --skip-test-db
2022-10-28 19:33:00 0 [ERROR] mariadbd: Can't create/write to file
'/tmp/user/0/ib2C7oNS' (Errcode: 13 "Permission denied")
2022-10-28 19:33:00 0 [ERROR] InnoDB: Unable to create temporary file; errno:
13
2022-10-28 19:33:00 0 [ERROR] mariadbd: Can't create/write to file
'/tmp/user/0/ibykVtxz' (Errcode: 13 "Permission denied")
2022-10-28 19:33:00 0 [ERROR] InnoDB: Unable to create temporary file; errno:
13
2022-10-28 19:33:00 0 [ERROR] InnoDB: Database creation was aborted with error
Generic error. You may need to delete the ibdata1 file before trying to start
up again.
2022-10-28 19:33:00 0 [ERROR] Plugin 'InnoDB' init function returned error.
2022-10-28 19:33:00 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE
failed.
2022-10-28 19:33:00 0 [ERROR] Unknown/unsupported storage engine: InnoDB
2022-10-28 19:33:00 0 [ERROR] Aborting
Installation of system tables failed! Examine the logs in
/var/lib/mysql for more information.
Environment
-----------
On FreedomBox (a pure blend of Debian), several applications that depend on
mariadb fail to install when running on Debian testing/unstable. This is due to
mariadb not running soon after installation. FreedomBox installs that package
libpam-tmpdir by default. If this package is removed, mariadb server is running
successfully after install.
This bug was reproduced on Debian unstable (as of 2022-10-28) with
mariadb-server package version 1:10.6.10-1+b1.
Workarounds
-----------
1. If libpam-tmpdir package is removed, the installation and daemon start
succeed.
2. When the environment variable TMPDIR is set to empty value, the
mysql_install_db command succeeds. Example:
rm -rf /var/lib/mysql ; TMPDIR= mysql_install_db --rpm --cross-bootstrap
--user=mysql --disable-log-bin --skip-test-db
3. When mysql_install_db is not run are root, the problem is not observed.
Example:
rm -rf /var/lib/mysql ; mkdir /var/lib/mysql; chown mysql:mysql
/var/lib/mysql/ ; sudo -u mysql mysql_install_db --rpm --cross-bootstrap
--user=mysql --disable-log-bin --skip-test-db
Regression
----------
This error does not occur on Debian stable (bullseye) where mariadb package
version is 1:10.5.15-0+deb11u1. Hence this is a regression since that version.
Analysis
--------
According to pam-tmpdir: "Many programs use $TMPDIR for storing temporary
files.
Not all of them are good at securing the permissions of those files.
libpam-tmpdir sets $TMPDIR and $TMP for PAM sessions and sets the permissions
quite tight. This helps system security by having an extra layer of security,
making such symlink attacks and other /tmp based attacks harder or impossible".
Errors like the one being reported are typically seen when directories/files
are
created by root user in the $TMPDIR and later a non-root user tries to access
those files without any further permission changes. libpam-tmpdir tries to
ensure that temporary files created by one user are not accidentally accessible
to unauthorized users.
During 10.6.x release cycle a change was introduced that makes this mistake. It
creates files as 'root' and then tries to access them as 'mysql' user. The
problem can be fixed by:
1. Copying the files temporarily created by 'root' user to a location
accessible
to the 'mysql' user and then setting proper ownership, or by
2. Creating all the temporary files with 'mysql' user to start with.
--- End Message ---
--- Begin Message ---
Source: mariadb
Source-Version: 1:10.11.1-1
Done: Otto Kekäläinen <[email protected]>
We believe that the bug you reported is fixed in the latest version of
mariadb, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Otto Kekäläinen <[email protected]> (supplier of updated mariadb package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 15 Jan 2023 14:45:21 -0800
Source: mariadb
Binary: libmariadb-dev libmariadb-dev-compat libmariadb3 libmariadbd19
libmariadbd-dev mariadb-common mariadb-client-core mariadb-client
mariadb-server-core mariadb-server mariadb-backup mariadb-plugin-connect
mariadb-plugin-s3 mariadb-plugin-rocksdb mariadb-plugin-oqgraph
mariadb-plugin-mroonga mariadb-plugin-spider mariadb-plugin-gssapi-server
mariadb-plugin-gssapi-client mariadb-plugin-cracklib-password-check
mariadb-plugin-hashicorp-key-management mariadb-plugin-provider-bzip2
mariadb-plugin-provider-lz4 mariadb-plugin-provider-lzma
mariadb-plugin-provider-lzo mariadb-plugin-provider-snappy mariadb-test
mariadb-test-data
Architecture: source
Version: 1:10.11.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian MySQL Maintainers <[email protected]>
Changed-By: Otto Kekäläinen <[email protected]>
Description:
libmariadb-dev - MariaDB database development files
libmariadb-dev-compat - MariaDB Connector/C, compatibility symlinks
libmariadb3 - MariaDB database client library
libmariadbd-dev - MariaDB embedded database, development files
libmariadbd19 - MariaDB embedded database, shared library
mariadb-backup - Backup tool for MariaDB server
mariadb-client - MariaDB database client binaries
mariadb-client-core - MariaDB database core client binaries
mariadb-common - MariaDB common configuration files
mariadb-plugin-connect - Connect storage engine for MariaDB
mariadb-plugin-cracklib-password-check - CrackLib Password Validation Plugin
for MariaDB
mariadb-plugin-gssapi-client - GSSAPI authentication plugin for MariaDB client
mariadb-plugin-gssapi-server - GSSAPI authentication plugin for MariaDB server
mariadb-plugin-hashicorp-key-management - Hashicorp Key Management plugin for
MariaDB
mariadb-plugin-mroonga - Mroonga storage engine for MariaDB
mariadb-plugin-oqgraph - OQGraph storage engine for MariaDB
mariadb-plugin-provider-bzip2 - BZip2 compression support in the server and
storage engines
mariadb-plugin-provider-lz4 - LZ4 compression support in the server and
storage engines
mariadb-plugin-provider-lzma - LZMA compression support in the server and
storage engines
mariadb-plugin-provider-lzo - LZO compression support in the server and
storage engines
mariadb-plugin-provider-snappy - Snappy compression support in the server and
storage engines
mariadb-plugin-rocksdb - RocksDB storage engine for MariaDB
mariadb-plugin-s3 - Amazon S3 archival storage engine for MariaDB
mariadb-plugin-spider - Spider storage engine for MariaDB
mariadb-server - MariaDB database server binaries
mariadb-server-core - MariaDB database core server files
mariadb-test - MariaDB database regression test suite
mariadb-test-data - MariaDB database regression test suite - data files
Closes: 1022994
Changes:
mariadb (1:10.11.1-1) unstable; urgency=medium
.
[ Otto Kekäläinen ]
* New major upstream release: 10.11
- Introduce new packages called 'providers', each one providing
a particular features, though so far only various compression
methods.
- New plugin package for Hashicorp Vault
- Upstream 10.11 series is intended to be a long-term supported
version with 5 years of security releases
- The other major versions 10.7/8/9/10 releases after 10.6
are all short-term releases, and thus not suitable for inclusion
in Debian but still worth noting as a guide on how to read
upstream relases notes, as all apply for what is now new in
Debian with the introduction of this 10.11
* Remove version suffix from Debian packages and rename source
package to just 'mariadb', dropping the 10.6 suffix.
* Emit warning from SysV init script if mysqld_safe is missing
* Ignore some EXPLAIN JSON test failures on armel/armhf (MDEV-30411)
* Add custom dh_installinit to keep /etc/init.d/mariadb enabled
when upgrading from mariadb-server-10.6 to mariadb-server (10.11)
.
[ Sunil Mohan Adapa ]
* Workaround failure to create DB with libpam-tmpdir (Closes: #1022994)
Checksums-Sha1:
0dfda2260fbaebafd9b381204dea293f27754fa8 4993 mariadb_10.11.1-1.dsc
b9bbff752eee881821ef6dfb1183254e3fd69960 92633496 mariadb_10.11.1.orig.tar.gz
95a7b14da4bb056b782cf45a5be7f26cdda50829 224200 mariadb_10.11.1-1.debian.tar.xz
fa558947ad77dd2c4ff3f3711cc7393d5a93dc7c 9517
mariadb_10.11.1-1_source.buildinfo
Checksums-Sha256:
3069b587588a21779dc92645dc63dff7e0b0114d1265bcb5153decdbede74138 4993
mariadb_10.11.1-1.dsc
f82311fae1c6be71099ec2fbc8d9d02d43308d915ebeb477cc636ea028f88770 92633496
mariadb_10.11.1.orig.tar.gz
0108004726691e9cb49f9403cfd89e70839abbb9a2dfc5674ecc59009177dd73 224200
mariadb_10.11.1-1.debian.tar.xz
64f9cf5bf46d1b973c03afe3a1686cb8aaefe4575e6e66ee11152785281ee1db 9517
mariadb_10.11.1-1_source.buildinfo
Files:
df459c3193449c0261facd9a11be6271 4993 database optional mariadb_10.11.1-1.dsc
50768d3675c9b2c43e43a3c95bdeebeb 92633496 database optional
mariadb_10.11.1.orig.tar.gz
9e7b7cae0f3145ceed4f73b48d7bc23f 224200 database optional
mariadb_10.11.1-1.debian.tar.xz
6e0b5095a5db96b13198d2f3acc48181 9517 database optional
mariadb_10.11.1-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEmbRSsR88dMO0U+RvvthEn87o2ogFAmPE3VkACgkQvthEn87o
2ohG4Q/+IxAdbaXjwAsZJpYJA30cGfisYMz2+4YAxterQycDPneqeqMqvPpRodd0
LAwaFC0U1AXglXBfs5Hs/a6mULYtkX9sebUb9ntQOLQ9GvR1cLFU6DgXNUkW/x/t
J+8+Ag1kNIuLmcPfKHMWndA05Rhk2GBqjywDJf054mgTdK3seMzIjVjHt8O7Mzqz
+w0VQ3GDNLP9e77CgTU+oXpM9Ep7lHbHUjnW4pxnYozQ8Nz6vHtbfJB0yj/UBOp4
GF55TrfIa6OeD3eycSRJAaCtMMSeBpjRbxlx5Tc7Yqh7r3iwYA0A/Q7/ZfORQDuB
PtveTOCDbmJrO5eptABMcmCcNx8oNDwkId0LT6AibfyS/tZWZIaB9n9s6w06WSzH
3oaxiLPlu+QMKP2u7vT/hysiIITesYOzMcZELQJ3tQINF6EHAJ04m1UVbp4upF6N
YkuMmmwjNMvBycUtbjSCtu8JclOAAK75Wo9kRg4NbN5xv6cCpXLSkcT83bTTV6wi
iH4hOKieSIrmdTEyDu7G+i0p3TcLe3qzPh3ky3iobHtLFsG/LJ5V55UZS0MF+4ko
Qgypj5Iv9RIPQt3lrWjv6R4Jc8zDjBJsL3Lu77j4rYKuM6esDpTtZc2gOEpA3iyF
Ct5ujG/uCXNZHlHkOEXBwo1KRFftR/e3avF/ApMQeKmU9PbmGos=
=XY7t
-----END PGP SIGNATURE-----
--- End Message ---
