[arch-commits] Commit in mariadb/repos/testing-x86_64 (4 files)
Christian Hesse
eworm at archlinux.org
Fri Jan 25 15:17:02 UTC 2019
Date: Friday, January 25, 2019 @ 15:17:00
Author: eworm
Revision: 344769
archrelease: copy trunk to testing-x86_64
Added:
mariadb/repos/testing-x86_64/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch
(from rev 344768, mariadb/trunk/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch)
mariadb/repos/testing-x86_64/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch
(from rev 344768, mariadb/trunk/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch)
mariadb/repos/testing-x86_64/PKGBUILD
(from rev 344768, mariadb/trunk/PKGBUILD)
mariadb/repos/testing-x86_64/mariadb.install
(from rev 344768, mariadb/trunk/mariadb.install)
---------------------------------------------------------------------------------+
0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch | 31 +
0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch | 32 +
PKGBUILD | 240 ++++++++++
mariadb.install | 15
4 files changed, 318 insertions(+)
Copied: mariadb/repos/testing-x86_64/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch (from rev 344768, mariadb/trunk/0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch)
===================================================================
--- 0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch (rev 0)
+++ 0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch 2019-01-25 15:17:00 UTC (rev 344769)
@@ -0,0 +1,31 @@
+From 8b87e87252f7d0599a99f18cd5f51914d2611397 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Vicen=C8=9Biu=20Ciorbaru?= <vicentiu at mariadb.org>
+Date: Thu, 24 Jan 2019 00:58:20 +0200
+Subject: MDEV-18360 Prevent set_max_open_files from allocating too many files
+
+If the rlimit.rlim_cur value returned by getrlimit is not the
+RLIM_INFINITY magic constant, but a *very* large number, we can allocate
+too many open files. Restrict set_max_open_files to only return at most
+max_file_limit, as passed via its parameter.
+---
+ mysys/my_file.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/mysys/my_file.c b/mysys/my_file.c
+index 8d01285a94b..b3aef8494cb 100644
+--- a/mysys/my_file.c
++++ b/mysys/my_file.c
+@@ -52,10 +52,9 @@ static uint set_max_open_files(uint max_file_limit)
+ DBUG_PRINT("info", ("rlim_cur: %u rlim_max: %u",
+ (uint) rlimit.rlim_cur,
+ (uint) rlimit.rlim_max));
+- if ((ulonglong) rlimit.rlim_cur == (ulonglong) RLIM_INFINITY)
+- rlimit.rlim_cur = max_file_limit;
+- if (rlimit.rlim_cur >= max_file_limit)
+- DBUG_RETURN(rlimit.rlim_cur); /* purecov: inspected */
++ if ((ulonglong) rlimit.rlim_cur == (ulonglong) RLIM_INFINITY ||
++ rlimit.rlim_cur >= max_file_limit)
++ DBUG_RETURN(max_file_limit);
+ rlimit.rlim_cur= rlimit.rlim_max= max_file_limit;
+ if (setrlimit(RLIMIT_NOFILE, &rlimit))
+ max_file_limit= old_cur; /* Use original value */
Copied: mariadb/repos/testing-x86_64/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch (from rev 344768, mariadb/trunk/0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch)
===================================================================
--- 0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch (rev 0)
+++ 0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch 2019-01-25 15:17:00 UTC (rev 344769)
@@ -0,0 +1,32 @@
+From 5936f0be4a49eda7b05ea1591bbbba3d72e4d7b9 Mon Sep 17 00:00:00 2001
+From: Christian Hesse <mail at eworm.de>
+Date: Fri, 25 Jan 2019 14:50:53 +0100
+Subject: fix galera_recovery with fs.protected_regular enabled
+
+The fs.protected_regular sysctls was added in Linux 4.19 to make some
+data spoofing attacks harder. With systemd v241 these will be enabled
+by default.
+
+With this protection enabled galera_recovery fails with EPERM
+(permission denied). This is caused by a wrong security measure:
+The script changes ownership of $log_file to $user, though $user never
+touches it. The shell redirection writes output to the file, not mysqld.
+So just drop chown to fix this.
+---
+ scripts/galera_recovery.sh | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh
+index c58f3d8f6b9..c70decc0005 100644
+--- a/scripts/galera_recovery.sh
++++ b/scripts/galera_recovery.sh
+@@ -101,8 +101,7 @@ wsrep_recover_position() {
+
+ # Safety checks
+ if [ -n "$log_file" -a -f "$log_file" ]; then
+- [ "$euid" = "0" ] && chown $user $log_file
+- chmod 600 $log_file
++ chmod 600 $log_file
+ else
+ log "WSREP: mktemp failed"
+ fi
Copied: mariadb/repos/testing-x86_64/PKGBUILD (from rev 344768, mariadb/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2019-01-25 15:17:00 UTC (rev 344769)
@@ -0,0 +1,240 @@
+# Maintainer: Bartłomiej Piotrowski <bpiotrowski at archlinux.org>
+# Maintainer: Christian Hesse <mail at eworm.de>
+
+pkgbase=mariadb
+pkgname=('mariadb-libs' 'mariadb-clients' 'mariadb' 'mytop')
+pkgdesc='Fast SQL database server, derived from MySQL'
+pkgver=10.3.12
+pkgrel=5
+arch=('x86_64')
+license=('GPL')
+url='https://mariadb.org/'
+makedepends=('boost' 'bzip2' 'cmake' 'jemalloc' 'libaio' 'libxml2' 'lz4' 'lzo'
+ 'openssl' 'systemd' 'zlib' 'zstd')
+validpgpkeys=('199369E5404BD5FC7D2FE43BCBCB082A1BB943DB') # MariaDB Package Signing Key <package-signing-key at mariadb.org>
+source=("https://ftp.heanet.ie/mirrors/mariadb/mariadb-$pkgver/source/mariadb-$pkgver.tar.gz"{,.asc}
+ '0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch'
+ '0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch')
+sha256sums=('f7449a34c25e0455928d7983dae83fd2069fe1f16c4c5f4aeed9ed9d3f081ff6'
+ 'SKIP'
+ 'f2a93769bfd9a5421871846b091ff752dfceea1791beab2ee55ac93d24df02c7'
+ '66e0acac7436fd8925710ef5cc66ba1a8f63a385ce374f01ae83096cc33d97a0')
+
+prepare() {
+ cd $pkgbase-$pkgver/
+
+ # Changes to the upstream unit files:
+ # * remove the alias from unit files, we install symlinks in package function
+ # * enable PrivateTmp for a little bit more security
+ # * force preloading jemalloc for memory management
+ sed -i -e '/^Alias/d' \
+ -e '/^PrivateTmp/c PrivateTmp=true' \
+ -e '/# Environment="LD_/a Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"' \
+ support-files/mariadb{,@}.service.in
+
+ # let's create the datadir from tmpfiles
+ echo 'd @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ -' >> support-files/tmpfiles.conf.in
+
+ # instantiated configs are not subject to be included from main config
+ sed -i 's|@sysconf2dir@|@sysconfdir@|' support-files/mariadb at .service.in
+
+ # fix path to our config
+ sed -i 's|my.cnf.d|mysql/my.cnf.d|' support-files/rpm/{my.cnf,enable_encryption.preset}
+
+ # MDEV-18360 Prevent set_max_open_files from allocating too many files
+ # https://bugs.archlinux.org/task/61433
+ # https://github.com/systemd/systemd/issues/11510
+ # https://jira.mariadb.org/browse/MDEV-18360
+ patch -Np1 < ../0001-MDEV-18360-Prevent-set_max_open_files-from-allocating-too-many-files.patch
+
+ # fix galera_recovery with fs.protected_regular enabled
+ # https://github.com/MariaDB/server/pull/1137
+ patch -Np1 < ../0002-fix-galera_recovery-with-fs.protected_regular-enabled.patch
+
+}
+
+build() {
+ local _cmake_options=(
+ # build options
+ -DCMAKE_BUILD_TYPE=RelWithDebInfo
+ -Wno-dev
+
+ # file paths
+ # /etc
+ -DINSTALL_SYSCONFDIR=/etc/mysql
+ -DINSTALL_SYSCONF2DIR=/etc/mysql/my.cnf.d
+ # /run
+ -DINSTALL_UNIX_ADDRDIR=/run/mysqld/mysqld.sock
+ # /usr
+ -DCMAKE_INSTALL_PREFIX=/usr
+ # /usr/bin /usr/include
+ -DINSTALL_SCRIPTDIR=bin
+ -DINSTALL_INCLUDEDIR=include/mysql
+ # /usr/lib
+ -DINSTALL_PLUGINDIR=lib/mysql/plugin
+ -DINSTALL_SYSTEMD_UNITDIR=/usr/lib/systemd/system/
+ -DINSTALL_SYSTEMD_SYSUSERSDIR=/usr/lib/sysusers.d/
+ -DINSTALL_SYSTEMD_TMPFILESDIR=/usr/lib/tmpfiles.d/
+ # /usr/share
+ -DINSTALL_SHAREDIR=share
+ -DINSTALL_SUPPORTFILESDIR=share/mysql
+ -DINSTALL_MYSQLSHAREDIR=share/mysql
+ -DINSTALL_DOCREADMEDIR=share/doc/mariadb
+ -DINSTALL_DOCDIR=share/doc/mariadb
+ -DINSTALL_MANDIR=share/man
+ # /var
+ -DMYSQL_DATADIR=/var/lib/mysql
+
+ # default settings
+ -DDEFAULT_CHARSET=utf8mb4
+ -DDEFAULT_COLLATION=utf8mb4_unicode_ci
+
+ # features
+ -DENABLED_LOCAL_INFILE=ON
+ -DPLUGIN_EXAMPLE=NO
+ -DPLUGIN_FEDERATED=NO
+ -DPLUGIN_FEEDBACK=NO
+ -DWITH_EMBEDDED_SERVER=ON
+ -DWITH_EXTRA_CHARSETS=complex
+ -DWITH_JEMALLOC=ON
+ -DWITH_LIBWRAP=OFF
+ -DWITH_PCRE=bundled
+ -DWITH_READLINE=ON
+ -DWITH_SSL=system
+ -DWITH_SYSTEMD=yes
+ -DWITH_UNIT_TESTS=OFF
+ -DWITH_ZLIB=system
+ )
+
+ mkdir build
+ cd build
+
+ cmake ../"$pkgbase-$pkgver" "${_cmake_options[@]}"
+
+ make
+}
+
+check() {
+ cd build/mysql-test
+
+ # Takes *really* long, so disabled by default.
+ #./mtr --parallel=5 --mem --force --max-test-fail=0
+}
+
+package_mariadb-libs() {
+ pkgdesc='MariaDB libraries'
+ depends=('bzip2' 'libaio' 'lz4' 'lzo' 'openssl' 'xz' 'zlib')
+ conflicts=('libmysqlclient' 'libmariadbclient' 'mariadb-connector-c')
+ provides=('libmariadbclient' 'mariadb-connector-c')
+ replaces=('libmariadbclient')
+
+ cd build
+
+ for dir in libmariadb libmysqld libservices include; do
+ make -C "$dir" DESTDIR="$pkgdir" install
+ done
+
+ ln -s mariadb_config "$pkgdir"/usr/bin/mysql_config
+ install -D -m0644 "$srcdir"/"$pkgbase-$pkgver"/man/mysql_config.1 "$pkgdir"/usr/share/man/man1/mysql_config.1
+
+ install -D -m0644 support-files/mariadb.pc "$pkgdir"/usr/share/pkgconfig/mariadb.pc
+ install -D -m0644 "$srcdir"/"$pkgbase-$pkgver"/support-files/mysql.m4 "$pkgdir"/usr/share/aclocal/mysql.m4
+
+ cd "$pkgdir"
+
+ # remove static libraries
+ rm usr/lib/*.a
+}
+
+package_mariadb-clients() {
+ pkgdesc='MariaDB client tools'
+ depends=("mariadb-libs=${pkgver}" 'jemalloc')
+ conflicts=('mysql-clients')
+ provides=("mysql-clients=$pkgver")
+
+ cd build
+
+ make -C client DESTDIR="$pkgdir" install
+
+ # install man pages
+ for man in mysql mysql_plugin mysql_upgrade mysqladmin mysqlbinlog mysqlcheck mysqldump mysqlimport mysqlshow mysqlslap mysqltest; do
+ install -D -m0644 "$srcdir"/"$pkgbase-$pkgver"/man/"$man.1" "$pkgdir"/usr/share/man/man1/"$man.1"
+ done
+}
+
+package_mariadb() {
+ pkgdesc='Fast SQL database server, derived from MySQL'
+ backup=('etc/mysql/my.cnf'
+ 'etc/mysql/my.cnf.d/client.cnf'
+ 'etc/mysql/my.cnf.d/enable_encryption.preset'
+ 'etc/mysql/my.cnf.d/mysql-clients.cnf'
+ 'etc/mysql/my.cnf.d/server.cnf')
+ install=mariadb.install
+ depends=("mariadb-clients=${pkgver}" 'inetutils' 'libsystemd' 'libxml2' 'zstd')
+ optdepends=('galera: for MariaDB cluster with Galera WSREP'
+ 'perl-dbd-mysql: for mysqlhotcopy, mysql_convert_table_format and mysql_setpermission')
+ conflicts=('mysql')
+ provides=("mysql=$pkgver")
+ options=('emptydirs')
+
+ cd build
+
+ make DESTDIR="$pkgdir" install
+
+ cd "$pkgdir"
+
+ # no SysV init, please!
+ rm -r etc/mysql/{init.d,logrotate.d}
+ rm usr/bin/rcmysql
+ rm usr/share/mysql/{binary-configure,mysql{,d_multi}.server}
+
+ # these should have useful names
+ mv usr/lib/sysusers.d/{sysusers,mariadb}.conf
+ mv usr/lib/tmpfiles.d/{tmpfiles,mariadb}.conf
+
+ # links service files with old name for compatibility
+ ln -s mariadb.service usr/lib/systemd/system/mysqld.service
+ ln -s mariadb at .service usr/lib/systemd/system/mysqld at .service
+
+ # move to proper licenses directories
+ install -d usr/share/licenses/mariadb
+ mv usr/share/doc/mariadb/COPYING* usr/share/licenses/mariadb/
+
+ # move it where one might look for it
+ mv usr/share/{groonga,doc/mariadb/}
+ mv usr/share/{groonga-normalizer-mysql,doc/mariadb/}
+
+ # already installed to real systemd unit directory or useless
+ rm -r usr/share/mysql/systemd/
+ rm -r usr/lib/systemd/system/mariadb at bootstrap.service.d
+
+ # provided by mariadb-libs
+ rm usr/bin/mariadb_config
+ rm usr/bin/mysql_config
+ rm -r usr/include/
+ rm usr/share/man/man1/mysql_config.1
+ rm -r usr/share/{aclocal,pkgconfig}
+ rm usr/lib/lib*
+ rm usr/lib/mysql/plugin/{auth_gssapi_client,caching_sha2_password,dialog,mysql_clear_password,sha256_password}.so
+ rm -r usr/lib/pkgconfig/
+
+ # provided by mariadb-clients
+ rm usr/bin/{mysql,mysql_plugin,mysql_upgrade,mysqladmin,mysqlbinlog,mysqlcheck,mysqldump,mysqlimport,mysqlshow,mysqlslap,mysqltest}
+ rm usr/share/man/man1/{mysql,mysql_plugin,mysql_upgrade,mysqladmin,mysqlbinlog,mysqlcheck,mysqldump,mysqlimport,mysqlshow,mysqlslap,mysqltest}.1
+
+ # provided by mytop
+ rm usr/bin/mytop
+
+ # not needed
+ rm -r usr/{data,mysql-test,sql-bench}
+ rm usr/share/man/man1/mysql-test-run.pl.1
+}
+
+package_mytop() {
+ pkgdesc='Top clone for MariaDB'
+ depends=('perl' 'perl-dbd-mysql' 'perl-term-readkey')
+
+ cd build
+
+ install -D -m0755 scripts/mytop "$pkgdir"/usr/bin/mytop
+}
Copied: mariadb/repos/testing-x86_64/mariadb.install (from rev 344768, mariadb/trunk/mariadb.install)
===================================================================
--- mariadb.install (rev 0)
+++ mariadb.install 2019-01-25 15:17:00 UTC (rev 344769)
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+post_install() {
+ echo ":: You need to initialize the MariaDB data directory prior to starting"
+ echo " the service. This can be done with mysql_install_db command, e.g.:"
+ echo " mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql"
+}
+
+post_upgrade(){
+ # show for feature release: 10.1 -> 10.2 -> 10.3 -> ...
+ if [ $(vercmp "${1%.*}" "${2%.*}") -ne 0 ]; then
+ echo ":: MariaDB was updated to a new feature release. To update the data run:"
+ echo " systemctl restart mariadb.service && mysql_upgrade -u root -p"
+ fi
+}
More information about the arch-commits
mailing list