Date: Friday, February 1, 2019 @ 07:51:57 Author: eworm Revision: 344989
replace the on-the-fly hacks with proper patches Added: mariadb/trunk/0001-arch-specific.patch mariadb/trunk/0002-systemd-sysusers-tmpfiles.patch mariadb/trunk/0003-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch mariadb/trunk/0004-do-not-break-main-configuration-with-instantiated-one.patch mariadb/trunk/0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch Modified: mariadb/trunk/PKGBUILD mariadb/trunk/mariadb.install Deleted: mariadb/trunk/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch mariadb/trunk/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch ---------------------------------------------------------------------------------+ 0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch | 31 -- 0001-arch-specific.patch | 134 ++++++++++ 0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch | 32 -- 0002-systemd-sysusers-tmpfiles.patch | 60 ++++ 0003-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch | 31 ++ 0004-do-not-break-main-configuration-with-instantiated-one.patch | 56 ++++ 0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch | 32 ++ PKGBUILD | 50 +-- mariadb.install | 2 9 files changed, 338 insertions(+), 90 deletions(-) Deleted: 0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch =================================================================== --- 0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch 2019-01-31 21:39:33 UTC (rev 344988) +++ 0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch 2019-02-01 07:51:57 UTC (rev 344989) 
@@ -1,31 +0,0 @@ -From 8b87e87252f7d0599a99f18cd5f51914d2611397 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= <vicen...@mariadb.org> -Date: Thu, 24 Jan 2019 00:58:20 +0200 -Subject: MDEV-18360 Prevent set_max_open_files from allocating too many files - -If the rlimit.rlim_cur value returned by getrlimit is not the -RLIM_INFINITY magic constant, but a *very* large number, we can allocate -too many open files. Restrict set_max_open_files to only return at most -max_file_limit, as passed via its parameter. ---- - mysys/my_file.c | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/mysys/my_file.c b/mysys/my_file.c -index 8d01285a94b..b3aef8494cb 100644 ---- a/mysys/my_file.c -+++ b/mysys/my_file.c -@@ -52,10 +52,9 @@ static uint set_max_open_files(uint max_file_limit) - DBUG_PRINT("info", ("rlim_cur: %u rlim_max: %u", - (uint) rlimit.rlim_cur, - (uint) rlimit.rlim_max)); -- if ((ulonglong) rlimit.rlim_cur == (ulonglong) RLIM_INFINITY) -- rlimit.rlim_cur = max_file_limit; -- if (rlimit.rlim_cur >= max_file_limit) -- DBUG_RETURN(rlimit.rlim_cur); /* purecov: inspected */ -+ if ((ulonglong) rlimit.rlim_cur == (ulonglong) RLIM_INFINITY || -+ rlimit.rlim_cur >= max_file_limit) -+ DBUG_RETURN(max_file_limit); - rlimit.rlim_cur= rlimit.rlim_max= max_file_limit; - if (setrlimit(RLIMIT_NOFILE, &rlimit)) - max_file_limit= old_cur; /* Use original value */ Added: 0001-arch-specific.patch =================================================================== --- 0001-arch-specific.patch (rev 0) +++ 0001-arch-specific.patch 2019-02-01 07:51:57 UTC (rev 344989) 
@@ -0,0 +1,134 @@ +From 07abbcbbe129a4c44c58fa2496b0921e52a759c2 Mon Sep 17 00:00:00 2001 +From: Christian Hesse <m...@eworm.de> +Date: Tue, 29 Jan 2019 23:12:01 +0100 +Subject: enable PrivateTmp for a little bit more security +--- + support-files/mariadb.service.in | 2 +- + support-files/mari...@.service.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index 8d43b6db428..a96fbcc9d2c 100644 +--- a/support-files/mariadb.service.in ++++ b/support-files/mariadb.service.in +@@ -117,7 +117,7 @@ UMask=007 + + # If you don't use the /tmp directory for SELECT ... OUTFILE and + # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security. +-PrivateTmp=false ++PrivateTmp=true + + ## + ## Options previously available to be set via [mysqld_safe] +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index a2f5cff0828..83d75f80b87 100644 +--- a/support-files/mari...@.service.in ++++ b/support-files/mari...@.service.in +@@ -41,7 +41,7 @@ Type=notify + + # Setting this to true can break replication and the Type=notify settings + # See also bind-address mysqld option. +-PrivateNetwork=false ++PrivateNetwork=true + + ############################################################################## + ## Package maintainers +From 0e4a158086b765aa3a12b84646aefb9b192443f7 Mon Sep 17 00:00:00 2001 +From: Christian Hesse <m...@eworm.de> +Date: Tue, 29 Jan 2019 23:12:54 +0100 +Subject: force preloading jemalloc for memory management +--- + support-files/mariadb.service.in | 1 + + support-files/mari...@.service.in | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index a96fbcc9d2c..6bb5d4227b9 100644 +--- a/support-files/mariadb.service.in ++++ b/support-files/mariadb.service.in +@@ -140,6 +140,7 @@ LimitNOFILE=16364 + # Library substitutions. 
previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index 83d75f80b87..d1d24d685f9 100644 +--- a/support-files/mari...@.service.in ++++ b/support-files/mari...@.service.in +@@ -161,6 +161,7 @@ LimitNOFILE=16364 + # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths + # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). + # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= ++Environment="LD_PRELOAD=/usr/lib/libjemalloc.so" + + # Flush caches. previously [mysqld_safe] flush-caches=1 + # ExecStartPre=sync +From 72b42fb1a344bfc3f3c3c905fe85c93ac4a752e3 Mon Sep 17 00:00:00 2001 +From: Christian Hesse <m...@eworm.de> +Date: Tue, 29 Jan 2019 23:14:23 +0100 +Subject: fix path to our config +--- + support-files/rpm/enable_encryption.preset | 2 +- + support-files/rpm/my.cnf | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/support-files/rpm/enable_encryption.preset b/support-files/rpm/enable_encryption.preset +index 722db7e5fa1..978a7494c6b 100644 +--- a/support-files/rpm/enable_encryption.preset ++++ b/support-files/rpm/enable_encryption.preset +@@ -1,5 +1,5 @@ + # +-# !include this file into your my.cnf (or any of *.cnf files in /etc/my.cnf.d) ++# !include this file into your my.cnf (or any of *.cnf files in /etc/mysql/my.cnf.d) + # and it will enable data at rest encryption. This is a simple way to + # ensure that everything that can be encrypted will be and your + # data will not leak unencrypted. 
+diff --git a/support-files/rpm/my.cnf b/support-files/rpm/my.cnf +index 913b88f8328..17d25361178 100644 +--- a/support-files/rpm/my.cnf ++++ b/support-files/rpm/my.cnf +@@ -7,5 +7,5 @@ + # + # include all files from the config directory + # +-!includedir /etc/my.cnf.d ++!includedir /etc/mysql/my.cnf.d + +From 820b47c1e70d36f1272cca3ddbdf4bbd2dd62bde Mon Sep 17 00:00:00 2001 +From: Christian Hesse <m...@eworm.de> +Date: Wed, 30 Jan 2019 00:46:47 +0100 +Subject: remove aliases from systemd unit files +--- + support-files/mariadb.service.in | 2 -- + support-files/mari...@.service.in | 2 -- + 2 files changed, 4 deletions(-) + +diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in +index 8d43b6db428..d7fa6bf5b14 100644 +--- a/support-files/mariadb.service.in ++++ b/support-files/mariadb.service.in +@@ -20,8 +20,6 @@ After=network.target + + [Install] + WantedBy=multi-user.target +-Alias=mysql.service +-Alias=mysqld.service + + + [Service] +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index a2f5cff0828..3fc41358e14 100644 +--- a/support-files/mari...@.service.in ++++ b/support-files/mari...@.service.in +@@ -27,8 +27,6 @@ ConditionPathExists=@sysconf2dir@/my%I.cnf + + [Install] + WantedBy=multi-user.target +-Alias=mysql.service +-Alias=mysqld.service + + + [Service] Deleted: 0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch =================================================================== --- 0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch 2019-01-31 21:39:33 UTC (rev 344988) +++ 0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch 2019-02-01 07:51:57 UTC (rev 344989) 
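Review bot: The first commit in 0001-arch-specific.patch is titled "enable PrivateTmp", but its hunk for the instantiated unit (`@@ -41,7 +41,7 @@` in `mari...@.service.in`) changes `PrivateNetwork=false` to `PrivateNetwork=true` instead. The sed this patch replaces in the PKGBUILD only rewrote lines starting with `PrivateTmp`, so the change looks unintended. The comment directly above the line warns that it can break replication and `Type=notify`, and a private network namespace would presumably cut the instance off from TCP clients. That hunk should keep `PrivateNetwork=false` and set the template's own `PrivateTmp` line (not shown in this hunk) to `PrivateTmp=true`, as the `mariadb.service.in` hunk does. Separately, `Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"` is unconditional, so jemalloc should be a hard dependency; the part of `depends` visible on this page does not show it.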
@@ -1,32 +0,0 @@ -From 5936f0be4a49eda7b05ea1591bbbba3d72e4d7b9 Mon Sep 17 00:00:00 2001 -From: Christian Hesse <m...@eworm.de> -Date: Fri, 25 Jan 2019 14:50:53 +0100 -Subject: fix galera_recovery with fs.protected_regular enabled - -The fs.protected_regular sysctls was added in Linux 4.19 to make some -data spoofing attacks harder. With systemd v241 these will be enabled -by default. - -With this protection enabled galera_recovery fails with EPERM -(permission denied). This is caused by a wrong security measure: -The script changes ownership of $log_file to $user, though $user never -touches it. The shell redirection writes output to the file, not mysqld. -So just drop chown to fix this. ---- - scripts/galera_recovery.sh | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh -index c58f3d8f6b9..c70decc0005 100644 ---- a/scripts/galera_recovery.sh -+++ b/scripts/galera_recovery.sh -@@ -101,8 +101,7 @@ wsrep_recover_position() { - - # Safety checks - if [ -n "$log_file" -a -f "$log_file" ]; then -- [ "$euid" = "0" ] && chown $user $log_file -- chmod 600 $log_file -+ chmod 600 $log_file - else - log "WSREP: mktemp failed" - fi Added: 0002-systemd-sysusers-tmpfiles.patch =================================================================== --- 0002-systemd-sysusers-tmpfiles.patch (rev 0) +++ 0002-systemd-sysusers-tmpfiles.patch 2019-02-01 07:51:57 UTC (rev 344989) 
@@ -0,0 +1,60 @@ +From dc7aff5e5331820205282576f6ade015f672969b Mon Sep 17 00:00:00 2001 +From: Christian Hesse <m...@eworm.de> +Date: Tue, 2 Jan 2018 14:32:21 +0100 +Subject: Use descriptive file names for sysusers and tmpfiles configuration + +These files were installed to: + +${INSTALL_SYSTEMD_SYSUSERSDIR}/sysusers.conf +${INSTALL_SYSTEMD_TMPFILESDIR}/tmpfiles.conf + +Instead rename the files to more descriptive file names 'mariadb.conf'. +--- + support-files/CMakeLists.txt | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/support-files/CMakeLists.txt b/support-files/CMakeLists.txt +index 4ad3810e082..8363922d468 100644 +--- a/support-files/CMakeLists.txt ++++ b/support-files/CMakeLists.txt +@@ -117,7 +117,8 @@ IF(UNIX) + CONFIGURE_FILE(sysusers.conf.in + ${CMAKE_CURRENT_BINARY_DIR}/sysusers.conf @ONLY) + INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/sysusers.conf +- DESTINATION ${INSTALL_SYSTEMD_SYSUSERSDIR} COMPONENT Server) ++ DESTINATION ${INSTALL_SYSTEMD_SYSUSERSDIR} ++ RENAME mariadb.conf COMPONENT Server) + ENDIF() + + IF(INSTALL_SYSTEMD_TMPFILESDIR) +@@ -125,7 +126,8 @@ IF(UNIX) + CONFIGURE_FILE(tmpfiles.conf.in + ${CMAKE_CURRENT_BINARY_DIR}/tmpfiles.conf @ONLY) + INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/tmpfiles.conf +- DESTINATION ${INSTALL_SYSTEMD_TMPFILESDIR} COMPONENT Server) ++ DESTINATION ${INSTALL_SYSTEMD_TMPFILESDIR} ++ RENAME mariadb.conf COMPONENT Server) + ENDIF() + + # @ in directory name broken between CMake version 2.8.12.2 and 3.3 +From c86912c8896b65c1dd9226c1bc2987189d4840c2 Mon Sep 17 00:00:00 2001 +From: Christian Hesse <m...@eworm.de> +Date: Tue, 2 Jan 2018 14:36:49 +0100 +Subject: Make systemd-tmpfiles create MYSQL_DATADIR + +This is a no-op if the directory exists, but makes sure it is created by +systemd-tmpfiles with proper permissions otherwise. + +This solves packaging issues when the user MYSQLD_USER is created by +systemd-sysusers and uid is not known in advance. 
+--- + support-files/tmpfiles.conf.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in +index 03d66abc0c7..3c89cb258c9 100644 +--- a/support-files/tmpfiles.conf.in ++++ b/support-files/tmpfiles.conf.in +@@ -1 +1,2 @@ + d @MYSQL_UNIX_DIR@ 0755 @MYSQLD_USER@ @MYSQLD_USER@ - ++d @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ - Added: 0003-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch =================================================================== --- 0003-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch (rev 0) +++ 0003-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch 2019-02-01 07:51:57 UTC (rev 344989) 
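Review bot: The second commit's description calls the added `d @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ -` line a no-op when the directory exists, but a `d` entry in tmpfiles.d also adjusts the mode and ownership of an existing directory. A data directory that an administrator deliberately gave other permissions would be reset to 0700 and the server user each time systemd-tmpfiles processes this file. Enforcing 0700 is a sensible default for database files, but the behaviour should be stated where it is configured, for example `# datadir: created if missing; mode and owner are enforced on every systemd-tmpfiles run` above the new line in `tmpfiles.conf.in`.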
@@ -0,0 +1,31 @@ +From 8b87e87252f7d0599a99f18cd5f51914d2611397 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= <vicen...@mariadb.org> +Date: Thu, 24 Jan 2019 00:58:20 +0200 +Subject: MDEV-18360 Prevent set_max_open_files from allocating too many files + +If the rlimit.rlim_cur value returned by getrlimit is not the +RLIM_INFINITY magic constant, but a *very* large number, we can allocate +too many open files. Restrict set_max_open_files to only return at most +max_file_limit, as passed via its parameter. +--- + mysys/my_file.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/mysys/my_file.c b/mysys/my_file.c +index 8d01285a94b..b3aef8494cb 100644 +--- a/mysys/my_file.c ++++ b/mysys/my_file.c +@@ -52,10 +52,9 @@ static uint set_max_open_files(uint max_file_limit) + DBUG_PRINT("info", ("rlim_cur: %u rlim_max: %u", + (uint) rlimit.rlim_cur, + (uint) rlimit.rlim_max)); +- if ((ulonglong) rlimit.rlim_cur == (ulonglong) RLIM_INFINITY) +- rlimit.rlim_cur = max_file_limit; +- if (rlimit.rlim_cur >= max_file_limit) +- DBUG_RETURN(rlimit.rlim_cur); /* purecov: inspected */ ++ if ((ulonglong) rlimit.rlim_cur == (ulonglong) RLIM_INFINITY || ++ rlimit.rlim_cur >= max_file_limit) ++ DBUG_RETURN(max_file_limit); + rlimit.rlim_cur= rlimit.rlim_max= max_file_limit; + if (setrlimit(RLIMIT_NOFILE, &rlimit)) + max_file_limit= old_cur; /* Use original value */ Added: 0004-do-not-break-main-configuration-with-instantiated-one.patch =================================================================== --- 0004-do-not-break-main-configuration-with-instantiated-one.patch (rev 0) +++ 0004-do-not-break-main-configuration-with-instantiated-one.patch 2019-02-01 07:51:57 UTC (rev 344989) 
@@ -0,0 +1,56 @@ +From 8fe9b2658664d0ece15fe57442706446fed66d6e Mon Sep 17 00:00:00 2001 +From: Christian Hesse <m...@eworm.de> +Date: Tue, 15 Jan 2019 17:22:56 +0100 +Subject: do not break main configuration with instantiated one + +The main configuration file /etc/my.cnf includes all configuration files in +/etc/my.cnf.d/. However an instantiated service mariadb@example.service +reads its configuration from /etc/my.cnf.d/myexample.cnf. This breaks +the main configuration as that includes a snippet intended for an instance. + +This can be fixed by changing the path: Let the instantiated service +read its configuration from /etc/myexample.cnf. +--- + support-files/mari...@.service.in | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/support-files/mari...@.service.in b/support-files/mari...@.service.in +index a2f5cff0828..1207e690f47 100644 +--- a/support-files/mari...@.service.in ++++ b/support-files/mari...@.service.in +@@ -1,7 +1,7 @@ + # Multi instance version of mariadb. For if you run multiple versions at once. + # Also used for mariadb@bootstrap to bootstrap Galera. + # +-# create config file @sysconf2dir@/my{instancename}.cnf ++# create config file @sysconfdir@/my{instancename}.cnf + # + # start as systemctl start mariadb@{instancename}.server + +@@ -23,7 +23,7 @@ Documentation=man:mysqld(8) + Documentation=https://mariadb.com/kb/en/library/systemd/ + After=network.target + +-ConditionPathExists=@sysconf2dir@/my%I.cnf ++ConditionPathExists=@sysconfdir@/my%I.cnf + + [Install] + WantedBy=multi-user.target +@@ -75,7 +75,7 @@ PermissionsStartOnly=true + ExecStartPre=/bin/sh -c "systemctl unset-environment _WSREP_START_POSITION%I" + + ExecStartPre=/bin/sh -c "[ ! -e @bindir@/galera_recovery ] && VAR= || \ +- VAR=`@bindir@/galera_recovery --defaults-file=@sysconf2dir@/my%I.cnf`; [ $? -eq 0 ] \ ++ VAR=`@bindir@/galera_recovery --defaults-file=@sysconfdir@/my%I.cnf`; [ $? 
-eq 0 ] \ + && systemctl set-environment _WSREP_START_POSITION%I=$VAR || exit 1" + + # Alternate: (remove ConditionPathExists above) +@@ -96,7 +96,7 @@ ExecStartPre=/bin/sh -c "[ ! -e @bindir@/galera_recovery ] && VAR= || \ + + # Note: Place $MYSQLD_OPTS at the very end for its options to take precedence. + +-ExecStart=@sbindir@/mysqld --defaults-file=@sysconf2dir@/my%I.cnf \ ++ExecStart=@sbindir@/mysqld --defaults-file=@sysconfdir@/my%I.cnf \ + $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION%I $MYSQLD_OPTS + # Alternate: (remove ConditionPathExists above) + # use [mysqld.INSTANCENAME] as sections in my.cnf Added: 0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch =================================================================== --- 0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch (rev 0) +++ 0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch 2019-02-01 07:51:57 UTC (rev 344989) 
@@ -0,0 +1,32 @@ +From 5936f0be4a49eda7b05ea1591bbbba3d72e4d7b9 Mon Sep 17 00:00:00 2001 +From: Christian Hesse <m...@eworm.de> +Date: Fri, 25 Jan 2019 14:50:53 +0100 +Subject: fix galera_recovery with fs.protected_regular enabled + +The fs.protected_regular sysctls was added in Linux 4.19 to make some +data spoofing attacks harder. With systemd v241 these will be enabled +by default. + +With this protection enabled galera_recovery fails with EPERM +(permission denied). This is caused by a wrong security measure: +The script changes ownership of $log_file to $user, though $user never +touches it. The shell redirection writes output to the file, not mysqld. +So just drop chown to fix this. +--- + scripts/galera_recovery.sh | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh +index c58f3d8f6b9..c70decc0005 100644 +--- a/scripts/galera_recovery.sh ++++ b/scripts/galera_recovery.sh +@@ -101,8 +101,7 @@ wsrep_recover_position() { + + # Safety checks + if [ -n "$log_file" -a -f "$log_file" ]; then +- [ "$euid" = "0" ] && chown $user $log_file +- chmod 600 $log_file ++ chmod 600 $log_file + else + log "WSREP: mktemp failed" + fi Modified: PKGBUILD =================================================================== --- PKGBUILD 2019-01-31 21:39:33 UTC (rev 344988) +++ PKGBUILD 2019-02-01 07:51:57 UTC (rev 344989) 
@@ -13,44 +13,47 @@ 'openssl' 'systemd' 'zlib' 'zstd') validpgpkeys=('199369E5404BD5FC7D2FE43BCBCB082A1BB943DB') # MariaDB Package Signing Key <package-signing-...@mariadb.org> source=("https://ftp.heanet.ie/mirrors/mariadb/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz"{,.asc} - '0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch' - '0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch') + '0001-arch-specific.patch' + '0002-systemd-sysusers-tmpfiles.patch' + '0003-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch' + '0004-do-not-break-main-configuration-with-instantiated-one.patch' + '0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch') sha256sums=('f7449a34c25e0455928d7983dae83fd2069fe1f16c4c5f4aeed9ed9d3f081ff6' 'SKIP' + '5a443a403821931ce35759e9583d23cd809b3b5a5df5b8293ac8e33b9c0cbc0f' + '1cd009b473d5965c7cbe6d48fff272030a2ccdd9c7e67b4f837d03252786a09a' 'f2a93769bfd9a5421871846b091ff752dfceea1791beab2ee55ac93d24df02c7' + 'd12806e4f90cc0fc081205dd4c0a5e0e7c455844f04276811b61b57fd24f5545' '66e0acac7436fd8925710ef5cc66ba1a8f63a385ce374f01ae83096cc33d97a0') prepare() { cd $pkgbase-$pkgver/ - # Changes to the upstream unit files: - # * remove the alias from unit files, we install symlinks in package function + # Arch Linux specific patches: # * enable PrivateTmp for a little bit more security # * force preloading jemalloc for memory management - sed -i -e '/^Alias/d' \ - -e '/^PrivateTmp/c PrivateTmp=true' \ - -e '/# Environment="LD_/a Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"' \ - support-files/mariadb{,@}.service.in + # * fix path to our config + patch -Np1 < ../0001-arch-specific.patch - # let's create the datadir from tmpfiles - echo 'd @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ -' >> support-files/tmpfiles.conf.in + # MDEV-17028 Fix glitches with systemd sysusers and tmpfiles: + # * Use descriptive file names for sysusers and tmpfiles configuration + # * Make 
systemd-tmpfiles create MYSQL_DATADIR + # https://github.com/MariaDB/server/pull/530 + patch -Np1 < ../0002-systemd-sysusers-tmpfiles.patch - # instantiated configs are not subject to be included from main config - sed -i 's|@sysconf2dir@|@sysconfdir@|' support-files/mari...@.service.in - - # fix path to our config - sed -i 's|my.cnf.d|mysql/my.cnf.d|' support-files/rpm/{my.cnf,enable_encryption.preset} - # MDEV-18360 Prevent set_max_open_files from allocating too many files # https://bugs.archlinux.org/task/61433 # https://github.com/systemd/systemd/issues/11510 # https://jira.mariadb.org/browse/MDEV-18360 - patch -Np1 < ../0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch + patch -Np1 < ../0003-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch + # do not break main configuration with instantiated one + # https://github.com/MariaDB/server/pull/1095 + patch -Np1 < ../0004-do-not-break-main-configuration-with-instantiated-one.patch + # fix galera_recovery with fs.protected_regular enabled # https://github.com/MariaDB/server/pull/1137 - patch -Np1 < ../0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch - + patch -Np1 < ../0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch } build() { @@ -188,11 +191,7 @@ rm usr/bin/rcmysql rm usr/share/mysql/{binary-configure,mysql{,d_multi}.server} - # these should have useful names - mv usr/lib/sysusers.d/{sysusers,mariadb}.conf - mv usr/lib/tmpfiles.d/{tmpfiles,mariadb}.conf - - # links service files with old name for compatibility + # link service files with old name for compatibility ln -s mariadb.service usr/lib/systemd/system/mysqld.service ln -s mariadb@.service usr/lib/systemd/system/mysqld@.service 
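Review bot: The comment block above `patch -Np1 < ../0001-arch-specific.patch` in prepare() lists three changes, but that patch carries four commits; "remove aliases from systemd unit files" dropped out of the list when the sed block was removed. A reader auditing what the package changes in the upstream units would miss that the `Alias=` lines are stripped and replaced by the symlinks created in package(). Add `# * remove aliases from systemd unit files, we install symlinks in package function` to the list so the comment matches the patch.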
@@ -201,8 +200,7 @@ mv usr/share/doc/mariadb/COPYING* usr/share/licenses/mariadb/ # move it where one might look for it - mv usr/share/{groonga,doc/mariadb/} - mv usr/share/{groonga-normalizer-mysql,doc/mariadb/} + mv usr/share/{groonga{,-normalizer-mysql},doc/mariadb/} # already installed to real systemd unit directory or useless rm -r usr/share/mysql/systemd/ Modified: mariadb.install =================================================================== --- mariadb.install 2019-01-31 21:39:33 UTC (rev 344988) +++ mariadb.install 2019-02-01 07:51:57 UTC (rev 344989) @@ -6,7 +6,7 @@ echo " mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql" } -post_upgrade(){ +post_upgrade() { # show for feature release: 10.1 -> 10.2 -> 10.3 -> ... if [ $(vercmp "${1%.*}" "${2%.*}") -ne 0 ]; then echo ":: MariaDB was updated to a new feature release. To update the data run:"