[arch-commits] Commit in mariadb/trunk (3 files)

Christian Hesse eworm at archlinux.org
Thu Feb 13 12:14:55 UTC 2020


    Date: Thursday, February 13, 2020 @ 12:14:54
  Author: eworm
Revision: 375526

use another upstream patch

Added:
  mariadb/trunk/0003-MDEV-21140-Make-galera_recovery.sh-work-with-fs.protected_regular.patch
Modified:
  mariadb/trunk/PKGBUILD
Deleted:
  mariadb/trunk/0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch

------------------------------------------------------------------------------+
 0003-MDEV-21140-Make-galera_recovery.sh-work-with-fs.protected_regular.patch |   23 ++++++
 0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch             |   34 ----------
 PKGBUILD                                                                     |    9 +-
 3 files changed, 27 insertions(+), 39 deletions(-)

Added: 0003-MDEV-21140-Make-galera_recovery.sh-work-with-fs.protected_regular.patch
===================================================================
--- 0003-MDEV-21140-Make-galera_recovery.sh-work-with-fs.protected_regular.patch	                        (rev 0)
+++ 0003-MDEV-21140-Make-galera_recovery.sh-work-with-fs.protected_regular.patch	2020-02-13 12:14:54 UTC (rev 375526)
@@ -0,0 +1,23 @@
+commit f6003fbc8cbd6779b6e7fcf5b05293b54a4948f8
+Author: Alexander E. Patrakov <patrakov at gmail.com>
+Date:   Thu Nov 28 17:37:57 2019 +0500
+
+    MDEV-21140 Make galera_recovery.sh work with fs.protected_regular = 1 (#1417)
+    
+    The log file is opened as root since commit bb7a70c, so there is no need
+    to chown it.
+
+diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh
+index 709c4b0eed5..8df2abc3fd5 100644
+--- a/scripts/galera_recovery.sh
++++ b/scripts/galera_recovery.sh
+@@ -101,8 +101,7 @@ wsrep_recover_position() {
+ 
+ # Safety checks
+ if [ -n "$log_file" -a -f "$log_file" ]; then
+-  [ "$euid" = "0" ] && chown $user $log_file
+-      chmod 600 $log_file
++  chmod 600 $log_file
+ else
+   log "WSREP: mktemp failed"
+ fi
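Review bot: `chmod 600 $log_file` in the backported galera_recovery.sh hunk expands the path unquoted, although the `[ -n "$log_file" -a -f "$log_file" ]` test just above quotes it. The removed chown line was guarded by an `$euid` = 0 check, so the script can evidently run as root, and there the operand should not be subject to word splitting or globbing: `chmod 600 -- "$log_file"`. The value presumably comes from mktemp (the else branch logs "WSREP: mktemp failed"), but that assignment is outside the hunk, so how much the path can vary (for example through TMPDIR) cannot be confirmed from here. Because this file mirrors upstream commit f6003fbc8cbd, the quoting fix would need to go upstream rather than into the local copy.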

Deleted: 0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch
===================================================================
--- 0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch	2020-02-13 11:00:01 UTC (rev 375525)
+++ 0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch	2020-02-13 12:14:54 UTC (rev 375526)
@@ -1,34 +0,0 @@
-From 471952a37f2523a00d2b4fd617128b3fa9d0cf03 Mon Sep 17 00:00:00 2001
-From: Christian Hesse <mail at eworm.de>
-Date: Fri, 25 Jan 2019 14:50:53 +0100
-Subject: [PATCH 1/1] fix galera_recovery with fs.protected_regular enabled
-
-The fs.protected_regular sysctls was added in Linux 4.19 to make some
-data spoofing attacks harder. With systemd v241 these will be enabled
-by default.
-
-With this protection enabled galera_recovery fails with EPERM
-(permission denied). This is caused by a wrong security measure:
-The script changes ownership of $log_file to $user, though $user never
-touches it. The shell redirection writes output to the file, not mysqld.
-So just drop chown to fix this.
-
-Signed-off-by: Christian Hesse <mail at eworm.de>
----
- scripts/galera_recovery.sh | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/scripts/galera_recovery.sh b/scripts/galera_recovery.sh
-index 709c4b0eed5..8df2abc3fd5 100644
---- a/scripts/galera_recovery.sh
-+++ b/scripts/galera_recovery.sh
-@@ -101,8 +101,7 @@ wsrep_recover_position() {
- 
- # Safety checks
- if [ -n "$log_file" -a -f "$log_file" ]; then
--  [ "$euid" = "0" ] && chown $user $log_file
--      chmod 600 $log_file
-+  chmod 600 $log_file
- else
-   log "WSREP: mktemp failed"
- fi

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-02-13 11:00:01 UTC (rev 375525)
+++ PKGBUILD	2020-02-13 12:14:54 UTC (rev 375526)
@@ -19,12 +19,12 @@
 source=("rsync://rsync.osuosl.org/mariadb/mariadb-${pkgver}/source/mariadb-${pkgver}.tar.gz"{,.asc}
         '0001-arch-specific.patch'
         '0002-MDEV-17028-Use-descriptive-file-names.patch'
-        '0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch')
+        '0003-MDEV-21140-Make-galera_recovery.sh-work-with-fs.protected_regular.patch')
 sha256sums=('fef1e1d38aa253dd8a51006bd15aad184912fce31c446bb69434fcde735aa208'
             'SKIP'
             'e14e1ce5f0d7117dfa7870e92e1224d4ca5e6b3fc395ab6da78aa777e3e403ab'
             '359e41ffdae0b22f12a9cc4a327e0b25942292235edb7373f690da19c5a67ef5'
-            'c8c801f80924ccb97b499552fe1c532b3ebf8f86cdfc0d23715d4adb1a8810f0')
+            'c6f4b3f19f254970d5738b7214da5ab25dd17885b4f83f8da3154ffecfcb44d4')
 
 prepare() {
   cd $pkgbase-$pkgver/
@@ -39,9 +39,8 @@
   # MDEV-17028: Use descriptive file names for sysusers and tmpfiles configuration
   patch -Np1 < ../0002-MDEV-17028-Use-descriptive-file-names.patch
 
-  # fix galera_recovery with fs.protected_regular enabled
-  # https://github.com/MariaDB/server/pull/1137
-  patch -Np1 < ../0005-fix-galera_recovery-with-fs.protected_regular-enabled.patch
+  # MDEV-21140 Make galera_recovery.sh work with fs.protected_regular = 1 (#1417)
+  patch -Np1 < ../0003-MDEV-21140-Make-galera_recovery.sh-work-with-fs.protected_regular.patch
 }
 
 build() {
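Review bot: The new comment above the `patch -Np1` call in prepare() gives only the ticket and "(#1417)". It no longer carries a link, and it does not say why the patch is needed or when the backport can be dropped. I would record the reason and the upstream commit id, e.g. `# chown of the recovery log fails with EPERM under fs.protected_regular=1` and `# backport of upstream commit f6003fbc8cbd; drop once pkgver contains it`. prepare() begins in the previous hunk and most of its body is not shown here.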


