rpms/mariadb10.11
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:main-riscv64
rpms:f40
rpms:f41
rpms:main
rpms:private-test-11.2
..
compare: rpms:private-test-11.2
Branches Tags
rpms:main-riscv64
rpms:f40
rpms:f41
rpms:main
rpms:rawhide
rpms:private-test-11.2

2 Commits
rawhide ... private-te

Author SHA1 Message Date
Honza Horak
18c71c41ef Fix filenames in the files section 2024-02-18 17:39:41 +01:00
Honza Horak
6c3626c330 Update to non-LTS version for testing 2024-02-15 12:47:52 +01:00
13 changed files with 96 additions and 945 deletions
Show Stats Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,4 +1,3 @@
/*/
/*.rpm
/*.tar.gz
/*.zip

132
README.wsrep_sst_rsync_tunnel
View File

@ -1,132 +0,0 @@
socat tunnel for encrypted rsync SST
====================================
`wsrep_sst_rsync_tunnel` is an extension of the rsync-based [SST](http://galeracluster.com/documentation-webpages/glossary.html#term-state-snapshot-transfer)
implementation that ships with mariadb. Its purpose is to encrypt
communication between the donor and the joiner during an SST.
Encryption is implemented by means of a socat tunnel, using OPENSSL
addresses. It can be configured via the regular openssl flags exposed
by socat.
## How to configure the script
This SST script can configured by setting a few keys in your favorite
mariadb option file in addition to the usual galera settings.
[mysqld]
...
bind_address=<node-name>
wsrep_sst_method=rsync_tunnel
...
[sst]
tca=/path/to/your/ca-file.crt
tcert=/path/to/node/certificate.crt
tkey=/path/to/node/key.key
sockopt=<openssl-address-options-as-per-socat-manual>
When a joiner node requests an SST, `wsrep_sst_rsync_tunnel` uses
socat to listen to incoming SSL connections on port 4444 in lieu of
the original rsync daemon. Received data will be forwarded to the
rscynd daemon started locally to replicate the database.
When a donor node serves the SST, `wsrep_sst_rsync_tunnel` makes
a series of rsync calls that target a locally started socat daemon.
The daemon tunnels all rsync traffic into an encrypted SSL connection
that targets the joiner's end of the socat tunnel.
Encryption parameters are specified under the `[sst]` group in the
mariadb option file, where `tkey` and `tcert` are respectively the key
and the certificate that are used by both sides of the socat tunnel.
Each node typically has a different key and cert. Both key and
certificate can be combined into a single PEM file and referenced by
`tcert`. Option `tca` holds a list of the trusted signing
certificates.
In case you need to tweak the creation of the SSL connection, you can
pass valid socat options (as per socat manual) via the `sockopt` key.
For debugging purpose, the exact socat command that is being executed
shows up in the mariadb log file.
Note that socat verifies that the certificate's commonName matches
that of the host that is being targeted. The target name comes from
the value configured in `bind_address`, so it's important that it
matches the certificate's commonName. An IP address can be used for
`bind_address`, but you may get into trouble in case different
hostnames resolve to the same IP (e.g. multiple networks per host).
## Examples of use
Suppose you're running a 3-node galera cluster
`node1.my.cluster`, `node2.my.cluster`, `node3.my.cluster`.
### Scenario: using self-signed certificates
On each node, create a key and a certificate, and bundle them into a
single PEM file. For instance on `node1.my.cluster`:
openssl genrsa -out /tls/mysql-$(hostname -f).key 2048
openssl req -new -key /tls/mysql-$(hostname -f).key -x509 -days 365000 -subj "/CN=$(hostname -f)" -out /tls/mysql-$(hostname -f).crt -batch
cat /tls/mysql-$(hostname -f).key /tls/mysql-$(hostname -f).crt > /tls/mysql.pem
Then, on each node, create a cafile that will contain all the certs to
trust:
for n in node1.my.cluster node2.my.cluster node3.my.cluster; do
ssh $n 'cat /tls/mysql-$(hostname -f).crt' >> /tls/all-mysql.crt
done
Once you have those two files on each host, you can configure the SST
appropriately. For instance from `/etc/my.cnf.d/galera.cnf`:
[mysqld]
...
[sst]
tca=/tls/all-mysql.crt
tcert=/tls/mysql.pem
### Scenario: using self-signed certificates, without verification
By default, when socat tries to establish a SSL connection to a peer,
it also verifies that it can trust the peer's certificate. If for some
reason you need to disable that feature, you can amend the previous
configuration with a sockopt option:
[mysqld]
...
[sst]
tca=/tls/all-mysql.crt
tcert=/tls/mysql.pem
sockopt="verify=0"
The associated sockopt value is passed to socat when
the donor or the joiner configures his part of the tunnel.
Note: please do not do so in production, this is inherently insecure
as you will not verify the identity of the peer you're connecting to!
### Scenario: using certificates from a CA
Suppose you have a FreeIPA service which generated a key file and a
certificate file for the three galera nodes, respectively located at
/tls/mysql.key and /tls/mysql.crt.
Assuming that the certificate for the FreeIPA server is available at
/etc/ipa/ca.crt, you can configure you galera servers as follows:
[sst]
tca=/etc/ipa/ca.crt
tcert=/tls/mysql.crt
tkey=/tls/mysql.key
## License
Copyright © 2017 [Damien Ciabrini](https://github.com/dciabrin).
This work is derived from the original `wsrep_rsync_sst`, copyright
© 2010-2014 [Codership Oy](https://github.com/codership).
Released under the GNU GPLv2.

6
gating.yaml
View File

@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-*
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

31
mariadb-libfmt.patch
View File

@ -1,31 +0,0 @@
MariaDB upstream uses an old version (8.0) of the FMT library, unlike Fedora which packs a current one (10.2)
https://src.fedoraproject.org/rpms/fmt
https://github.com/MariaDB/server/blob/10.11/cmake/libfmt.cmake#L18
There is a breaking change between the FMT library version 8 and 10.
Sergei Golubchik from MariaDB upstream noticed that and decided to not rebase to the newer version for now. In the same commit:
https://github.com/MariaDB/server/commit/b5c367cd88e37091ab5f8dab0396c01c97d037e2
He also fixed the CMake file controlling the FMT library.
It now correctly detects, whether the system version is able to compile a given code in an expected way.
The incompatibility between FMT library version has been reported both agains Fedora and FMT upstream
https://bugzilla.redhat.com/show_bug.cgi?id=2266807
The upstream created a patch and Fedora backported it
https://src.fedoraproject.org/rpms/fmt/c/7d6d6e2c33e845b3cbf3fcaf83f14dfeddfa8a70?branch=rawhide
but only in F40 and later.
To avoid potential issues on systems with FMT library between 8.0 and the one with the fix backported,
introduce a bundling mechanism for use on such distributions.
We pre-download the sources archive and supply the CMake with it, instead of the web URL.
--- mariadb-10.11.10/cmake/libfmt.cmake 2024-10-29 15:32:31.000000000 +0100
+++ mariadb-10.11.10/cmake/libfmt.cmake_patched 2024-11-14 12:06:35.961435488 +0100
@@ -15,7 +15,7 @@ MACRO(BUNDLE_LIBFMT)
ExternalProject_Add(
libfmt
PREFIX "${dir}"
- URL "https://github.com/fmtlib/fmt/releases/download/11.0.2/fmt-11.0.2.zip"
+ URL "file:///${dir}/fmt-11.0.2.zip"
URL_MD5 c622dca45ec3fc95254c48370a9f7a1d
INSTALL_COMMAND ""
CONFIGURE_COMMAND ""

70
mariadb-mtr.patch
View File

@ -1,70 +0,0 @@
diff --git a/mysql-test/mariadb-test-run.pl b/mysql-test/mariadb-test-run.pl
index 594e052a16e..6a274b2d597 100755
--- a/mysql-test/mariadb-test-run.pl
+++ b/mysql-test/mariadb-test-run.pl
@@ -1491,7 +1491,6 @@ sub command_line_setup {
mtr_warning ("Port base $opt_port_base rounded down to multiple of 10");
$opt_port_base-= $rem;
}
- $opt_build_thread= $opt_port_base / 10 - 1000;
}
# --------------------------------------------------------------------------
@@ -1719,11 +1718,6 @@ sub command_line_setup {
# an environment variable can be used to control all ports. A small
# number is to be used, 0 - 16 or similar.
#
-# Note the MASTER_MYPORT has to be set the same in all 4.x and 5.x
-# versions of this script, else a 4.0 test run might conflict with a
-# 5.1 test run, even if different MTR_BUILD_THREAD is used. This means
-# all port numbers might not be used in this version of the script.
-#
# Also note the limitation of ports we are allowed to hand out. This
# differs between operating systems and configuration, see
# http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html
@@ -1734,10 +1728,14 @@ sub set_build_thread_ports($) {
if ( lc($opt_build_thread) eq 'auto' ) {
my $found_free = 0;
- $build_thread = 300; # Start attempts from here
- my $build_thread_upper = $build_thread + ($opt_parallel > 1500
- ? 3000
- : 2 * $opt_parallel) + 300;
+ if ($opt_port_base eq "auto") {
+ $build_thread = 15000;
+ } else {
+ $build_thread = $opt_port_base;
+ }
+ $build_thread += ($thread - 1) * $opt_port_group_size;
+ my $build_thread_upper = $build_thread + $opt_parallel * 2;
+
while (! $found_free)
{
$build_thread= mtr_get_unique_id($build_thread, $build_thread_upper);
@@ -1754,7 +1752,7 @@ sub set_build_thread_ports($) {
}
else
{
- $build_thread = $opt_build_thread + $thread - 1;
+ $build_thread = $opt_port_base + $thread - 1;
if (! check_ports_free($build_thread)) {
# Some port was not free(which one has already been printed)
mtr_error("Some port(s) was not free")
@@ -1763,7 +1761,7 @@ sub set_build_thread_ports($) {
$ENV{MTR_BUILD_THREAD}= $build_thread;
# Calculate baseport
- $baseport= $build_thread * $opt_port_group_size + 10000;
+ $baseport= $build_thread;
if ( $baseport < 5001 or $baseport + $opt_port_group_size >= 32767 )
{
mtr_error("MTR_BUILD_THREAD number results in a port",
@@ -2968,7 +2966,7 @@ sub kill_leftovers ($) {
sub check_ports_free ($)
{
my $bthread= shift;
- my $portbase = $bthread * $opt_port_group_size + 10000;
+ my $portbase = $bthread;
for ($portbase..$portbase+($opt_port_group_size-1)){
if (mtr_ping_port($_)){
mtr_report(" - 'localhost:$_' was not free");

21
mariadb-ownsetup.patch
View File

@ -1,6 +1,7 @@
--- mariadb-10.4.14/support-files/CMakeLists.txt 2020-08-06 17:28:28.000000000 +0200
+++ mariadb-10.4.14/support-files/CMakeLists.txt_patched 2020-09-03 13:21:07.826658279 +0200
@@ -187,6 +187,7 @@ IF(UNIX)
diff -up mariadb-11.2.2/support-files/CMakeLists.txt.patch9 mariadb-11.2.2/support-files/CMakeLists.txt
--- mariadb-11.2.2/support-files/CMakeLists.txt.patch9 2023-11-19 08:41:57.000000000 +0100
+++ mariadb-11.2.2/support-files/CMakeLists.txt 2024-02-01 22:34:07.518104344 +0100
@@ -237,6 +237,7 @@ IF(UNIX AND NOT WITHOUT_SERVER)
COMPONENT SharedLibraries)
INSTALL(FILES rpm/mysql-clients.cnf DESTINATION ${INSTALL_SYSCONF2DIR}
COMPONENT Client)
@ -8,14 +9,13 @@
INSTALL(FILES rpm/server.cnf DESTINATION ${INSTALL_SYSCONF2DIR}
COMPONENT IniFiles)
INSTALL(FILES rpm/enable_encryption.preset DESTINATION ${INSTALL_SYSCONF2DIR}
diff -up mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup mariadb-10.0.15/support-files/rpm/server.cnf
--- mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup 2015-01-24 23:55:55.110063592 +0100
+++ mariadb-10.0.15/support-files/rpm/server.cnf 2015-01-24 23:57:42.308114387 +0100
@@ -9,7 +9,16 @@
[server]
diff -up mariadb-11.2.2/support-files/rpm/server.cnf.patch9 mariadb-11.2.2/support-files/rpm/server.cnf
--- mariadb-11.2.2/support-files/rpm/server.cnf.patch9 2024-02-01 22:34:07.518104344 +0100
+++ mariadb-11.2.2/support-files/rpm/server.cnf 2024-02-01 22:35:11.235350567 +0100
@@ -12,7 +12,15 @@
[mariadb]
# this is only for the mysqld standalone daemon
# This group is read by both MariaDB and MySQL servers
+# Settings user and group are ignored when systemd is used.
+# If you need to run mysqld under a different user or group,
+# customize your systemd unit file for mysqld/mariadb according to the
@ -25,7 +25,6 @@ diff -up mariadb-10.0.15/support-files/rpm/server.cnf.ownsetup mariadb-10.0.15/s
+socket=@MYSQL_UNIX_ADDR@
+log-error=@LOG_LOCATION@
+pid-file=@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid
+
#
# * Galera-related settings

10
mariadb-scripts.patch
View File

@ -1,11 +1,11 @@
We have some downstream patches and other scripts that include variables to
be expanded by cmake. Cmake needs to know about them, so adding them manually.
# Install libgcc as mylibgcc.a
--- mariadb-10.5.5/scripts/CMakeLists.txt.old 2020-09-24 10:13:35.272589689 +0200
+++ mariadb-10.5.5/scripts/CMakeLists.txt 2020-09-24 10:17:31.428985798 +0200
@@ -377,6 +377,34 @@
INSTALL_LINK(${file} ${binname} ${INSTALL_BINDIR} ${${file}_COMPONENT})
diff -up mariadb-11.2.2/scripts/CMakeLists.txt.patch7 mariadb-11.2.2/scripts/CMakeLists.txt
--- mariadb-11.2.2/scripts/CMakeLists.txt.patch7 2023-11-19 08:41:57.000000000 +0100
+++ mariadb-11.2.2/scripts/CMakeLists.txt 2024-02-01 22:41:21.031114440 +0100
@@ -388,6 +388,34 @@ ELSE()
INSTALL_LINK(${file} ${binname} ${INSTALL_BINDIR} ${${file}_COMPONENT}Symlinks)
ENDIF()
ENDFOREACH()
+

13
mariadb-ssl-cipher-tests.patch Normal file
View File

@ -0,0 +1,13 @@
diff -up mariadb-10.3.9/mysql-test/main/ssl_cipher.test.fixtest mariadb-10.3.9/mysql-test/main/ssl_cipher.test
--- mariadb-10.3.13/mysql-test/main/ssl_cipher.test 2019-02-20 08:59:09.000000000 +0100
+++ mariadb-10.3.13/mysql-test/main/ssl_cipher.test_patched 2019-02-22 11:22:01.250256060 +0100
@@ -97,7 +97,9 @@ drop user mysqltest_1@localhost;
let $restart_parameters=--ssl-cipher=AES128-SHA;
source include/restart_mysqld.inc;
connect (ssl_con,localhost,root,,,,,SSL);
+--replace_regex /TLS_AES_.*/AES128-SHA/
SHOW STATUS LIKE 'Ssl_cipher';
+--replace_regex /TLS_AES_.*/AES128-SHA/
SHOW STATUS LIKE 'Ssl_cipher_list';
disconnect ssl_con;
connection default;

232
mariadb10.11.spec
View File

@ -1,13 +1,13 @@
# Plain package name for cases, where %%{name} differs (e.g. for versioned packages)
# Plain package name for cases, where %{name} differs (e.g. for versioned packages)
%global majorname mariadb
%define package_version 10.11.10
%define package_version 11.2.2
%define majorversion %(echo %{package_version} | cut -d'.' -f1-2 )
# Set if this package will be the default one in distribution
%{!?mariadb_default:%global mariadb_default 1}
%{!?mariadb_default:%global mariadb_default 0}
# Regression tests may take a long time (many cores recommended), skip them by
%{!?runselftest:%global runselftest 1}
%{!?runselftest:%global runselftest 0}
# Set this to 1 to see which tests fail, but 0 on production ready build
%global ignore_testsuite_result 0
@ -15,7 +15,7 @@
# The last version on which the full testsuite has been run
# In case of further rebuilds of that version, don't require full testsuite to be run
# run only "main" suite
%global last_tested_version 10.11.10
%global last_tested_version 11.2.2
# Set to 1 to force run the testsuite even if it was already tested in current version
%global force_run_testsuite 0
@ -45,17 +45,8 @@
%bcond_without test
%endif
# Page compression algorithms for various storage engines
# Page compression algorithms for InnoDB & XtraDB
%bcond_without lz4
%bcond_without bzip2
%bcond_without lzo
%bcond_without snappy
%bcond_without zstd
%if 0%{?fedora}
%bcond_without lzma
%else
%bcond_with lzma
%endif
# Aditional SELinux rules from a standalone package 'mysql-selinux' (that holds rules shared between MariaDB and MySQL)
%bcond_without require_mysql_selinux
@ -63,16 +54,11 @@
# For deep debugging we need to build binaries with extra debug info
%bcond_with debug
# Authentication plugins
%bcond_without gssapi
# PAM authentication plugin
%if !0%{?flatpak}
%bcond_without pam
%endif
%if 0%{?fedora}
%bcond_without hashicorp
%else
%bcond_with hashicorp
%endif
# The Open Query GRAPH engine (OQGRAPH) is a computation engine allowing
# hierarchies and more complex graph structures to be handled in a relational fashion
@ -120,14 +106,7 @@
%bcond_without unbundled_pcre
%else
%bcond_with unbundled_pcre
%global pcre_bundled_version 10.44
%endif
# To avoid issues with a breaking change in FMT library, bundle it on systems where FMT wasn't fixed yet
# See mariadb-libfmt.patch for detailed description.
%bcond bundled_fmt 1
%if %{with bundled_fmt}
%global fmt_bundled_version 11.0.2
%global pcre_bundled_version 10.42
%endif
# Include systemd files
@ -157,21 +136,17 @@
Name: %{majorname}%{majorversion}
Version: %{package_version}
Release: 1%{?with_debug:.debug}%{?dist}
Release: 3%{?with_debug:.debug}.alternative%{?dist}
Epoch: 3
Summary: A very fast and robust SQL database server
URL: http://mariadb.org
License: ( GPL-2.0-only OR Apache-2.0 ) AND ( GPL-2.0-or-later OR Apache-2.0 ) AND BSD-2-Clause AND BSD-3-Clause AND CC-BY-4.0 AND GPL-2.0-only AND GPL-2.0-or-later AND GPL-3.0-or-later AND ( GPL-3.0-or-later WITH Bison-exception-2.2 ) AND LGPL-2.0-only AND LGPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OpenSSL AND MIT AND OFL-1.1 AND CC0-1.0 AND PHP-3.0 AND PHP-3.01 AND zlib AND dtoa AND FSFAP AND blessing AND Info-ZIP AND Boehm-GC
License: GPLv2 and LGPLv2
Source0: https://downloads.mariadb.org/interstitial/mariadb-%{version}/source/mariadb-%{version}.tar.gz
%if %{with bundled_fmt}
Source1: https://github.com/fmtlib/fmt/releases/download/%{fmt_bundled_version}/fmt-%{fmt_bundled_version}.zip
%endif
Source2: mysql_config_multilib.sh
Source3: my.cnf.in
Source6: README.mariadb-docs
Source8: README.wsrep_sst_rsync_tunnel
Source10: mariadb.tmpfiles.d.in
Source11: mysql.service.in
Source12: mariadb-prepare-db-dir.sh
@ -206,10 +181,6 @@ Source71: LICENSE.clustercheck
# https://jira.mariadb.org/browse/MDEV-12646
Source72: mariadb-server-galera.te
# Script to support encrypted rsync transfers when SST is required between nodes.
# https://github.com/dciabrin/wsrep_sst_rsync_tunnel/blob/master/wsrep_sst_rsync_tunnel
Source73: wsrep_sst_rsync_tunnel
# Patch4: Red Hat distributions specific logrotate fix
# it would be big unexpected change, if we start shipping it now. Better wait for MariaDB 10.2
Patch4: %{majorname}-logrotate.patch
@ -217,12 +188,9 @@ Patch4: %{majorname}-logrotate.patch
Patch7: %{majorname}-scripts.patch
# Patch9: pre-configure to comply with guidelines
Patch9: %{majorname}-ownsetup.patch
# Patch12: fixes of RocksDB for GCC 13
# Patch10: Fix cipher name in the SSL Cipher name test
Patch10: %{majorname}-ssl-cipher-tests.patch
Patch12: rocksdb-6.8-gcc13.patch
# Patch13: bundle the FMT library
Patch13: %{majorname}-libfmt.patch
# Patch14: make MTR port calculation reasonably predictable
Patch14: %{majorname}-mtr.patch
# This macro is used for package/sub-package names in the entire specfile
%if %?mariadb_default
@ -238,14 +206,9 @@ BuildRequires: multilib-rpm-config
BuildRequires: selinux-policy-devel
BuildRequires: systemd systemd-devel
# Page compression algorithms for various storage engines
# Page compression algorithms for InnoDB & XtraDB
BuildRequires: zlib-devel
%{?with_lz4:BuildRequires: lz4-devel >= 1.6}
%{?with_bzip2:BuildRequires: bzip2-devel}
%{?with_lzma:BuildRequires: lzma-sdk-devel}
%{?with_lzo:BuildRequires: lzo-devel}
%{?with_snappy:BuildRequires: snappy-devel}
%{?with_zstd:BuildRequires: libzstd-devel}
%{?with_lz4:BuildRequires: lz4-devel}
# asynchornous operations stuff; needed also for wsrep API
BuildRequires: libaio-devel
@ -255,12 +218,8 @@ BuildRequires: libedit-devel
BuildRequires: ncurses-devel
# debugging stuff
BuildRequires: systemtap-sdt-devel
%if 0%{?fedora} >= 41 || 0%{?rhel} >= 11
BuildRequires: systemtap-sdt-dtrace
%endif
# Bison SQL parser; needed also for wsrep API
BuildRequires: bison >= 2.4
BuildRequires: bison-devel >= 2.4
BuildRequires: bison bison-devel
%{?with_debug:BuildRequires: valgrind-devel}
@ -311,7 +270,7 @@ BuildRequires: perl(warnings)
# for running some openssl tests rhbz#1189180
BuildRequires: openssl openssl-devel
%{!?with_bundled_fmt:BuildRequires: fmt-devel >= 10.2.1-4}
BuildRequires: fmt-devel
Requires: bash coreutils grep
@ -414,11 +373,7 @@ package itself.
%package -n %{pkgname}-common
Summary: The shared files required by server and client
BuildArch: noarch
%if 0%{?flatpak}
Requires: mariadb-connector-c-config
%else
Requires: %{_sysconfdir}/my.cnf
%endif
# Only conflicts, provides would add %%{_isa} provides for noarch,
# which is not wanted
@ -493,17 +448,11 @@ Recommends: %{pkgname}-backup%{?_isa} = %{sameevr}
%{?with_connect:Suggests: %{pkgname}-connect-engine%{?_isa} = %{sameevr}}
%{?with_pam:Suggests: %{pkgname}-pam%{?_isa} = %{sameevr}}
%{?with_bundled_fmt:Provides: bundled(fmt) = %{fmt_bundled_version}}
Suggests: mytop
Suggests: logrotate
%if 0%{?flatpak}
Requires: mariadb-connector-c-config
%else
Requires: %{_sysconfdir}/my.cnf
Requires: %{_sysconfdir}/my.cnf.d
%endif
%virtual_conflicts_and_provides server
@ -511,7 +460,7 @@ Requires: %{_sysconfdir}/my.cnf.d
# For cases, where we want to fix a SELinux issues in MariaDB sooner than patched selinux-policy-targeted package is released
%if %{with require_mysql_selinux}
# The *-selinux package should only be required on SELinux enabled systems. Therefore the following rich dependency syntax should be used:
Requires: (mysql-selinux >= 1.0.10 if selinux-policy-targeted)
Requires: (mysql-selinux if selinux-policy-targeted)
# This ensures that the *-selinux package and all its dependencies are not pulled into containers and other systems that do not use SELinux.
# https://fedoraproject.org/wiki/SELinux/IndependentPolicy#Adding_dependency_to_the_spec_file_of_corresponding_package
%endif
@ -544,8 +493,7 @@ MariaDB is a community developed fork from MySQL.
Summary: The Open Query GRAPH engine for MariaDB
Requires: %{pkgname}-server%{?_isa} = %{sameevr}
# boost and Judy required for oograph
BuildRequires: boost-devel >= 1.40.0
BuildRequires: Judy-devel
BuildRequires: boost-devel Judy-devel
%virtual_conflicts_and_provides oqgraph-engine
@ -804,19 +752,6 @@ sources.
%prep
%setup -q -n %{majorname}-%{version}
# Remove bundled code that is unused (all cases in which we use the system version of the library instead)
# as required by https://docs.fedoraproject.org/en-US/packaging-guidelines/#bundling
rm -r zlib libmariadb/external/zlib
rm -r win libmariadb/win
rm -r extra/wolfssl
rm -r storage/columnstore
rm -r debian
%if %{with bundled_fmt}
mkdir -p redhat-linux-build/extra/libfmt/
mv %{SOURCE1} redhat-linux-build/extra/libfmt/
%endif
# Remove JAR files that upstream puts into tarball
find . -name "*.jar" -type f -exec rm --verbose -f {} \;
# Remove testsuite for the mariadb-connector-c
@ -829,14 +764,15 @@ rm -r storage/rocksdb/
%patch -P4 -p1
%patch -P7 -p1
%patch -P9 -p1
# The test in Patch 10 has been recently updated by upstream
# and the test was disabled in the testuite run
# main.ssl_cipher [ disabled ] MDEV-17184 - Failures with OpenSSL 1.1.1
# Keeping the patch commented out, need to revisit
# once the test is re-enabled by upstream in some future release
#%patch -P10 -p1
%if %{with rocksdb}
%patch -P12 -p1 -d storage/rocksdb/rocksdb/
%endif
%if %{with bundled_fmt}
%patch -P13 -p1
%endif
%patch -P14 -p1
# generate a list of tests that fail, but are not disabled by upstream
cat %{SOURCE50} | tee -a mysql-test/unstable-tests
@ -855,7 +791,7 @@ cat %{SOURCE53} | tee -a mysql-test/unstable-tests
%endif
cp %{SOURCE2} %{SOURCE3} %{SOURCE10} %{SOURCE11} %{SOURCE12} \
%{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE18} %{SOURCE70} %{SOURCE73} scripts
%{SOURCE14} %{SOURCE15} %{SOURCE16} %{SOURCE18} %{SOURCE70} scripts
%if %{with galera}
# prepare selinux policy
@ -938,13 +874,10 @@ fi
-DCONC_WITH_SSL=%{?with_clibrary:ON}%{!?with_clibrary:NO} \
-DWITH_SSL=system \
-DWITH_ZLIB=system \
-DWITH_LIBFMT=%{?with_bundled_fmt:bundled}%{!?with_bundled_fmt:system} \
-DPLUGIN_PROVIDER_LZ4=%{?with_lz4:DYNAMIC}%{!?with_lz4:NO} \
-DWITH_LIBFMT=system \
-DLZ4_LIBS=%{?with_lz4:/usr/%{_lib}/liblz4.so}%{!?with_lz4:} \
-DWITH_INNODB_LZ4=%{?with_lz4:ON}%{!?with_lz4:OFF} \
-DWITH_ROCKSDB_LZ4=%{?with_lz4:ON}%{!?with_lz4:OFF} \
-DPLUGIN_PROVIDER_BZIP2=%{?with_bzip2:DYNAMIC}%{!?with_bzip2:NO} \
-DWITH_ROCKSDB_BZip2=%{?with_bzip2:ON}%{!?with_bzip2:OFF} \
-DPLUGIN_PROVIDER_LZMA=%{?with_lzma:DYNAMIC}%{!?with_lzma:NO} \
\
-DPLUGIN_MROONGA=%{?with_mroonga:DYNAMIC}%{!?with_mroonga:NO} \
-DPLUGIN_OQGRAPH=%{?with_oqgraph:DYNAMIC}%{!?with_oqgraph:NO} \
-DPLUGIN_CRACKLIB_PASSWORD_CHECK=%{?with_cracklib:DYNAMIC}%{!?with_cracklib:NO} \
@ -957,10 +890,11 @@ fi
-DPLUGIN_COLUMNSTORE=NO \
-DPLUGIN_CLIENT_ED25519=OFF \
-DPLUGIN_CACHING_SHA2_PASSWORD=%{?with_clibrary:DYNAMIC}%{!?with_clibrary:OFF} \
-DPLUGIN_AWS_KEY_MANAGEMENT=OFF \
-DPLUGIN_AWS_KEY_MANAGEMENT=NO \
-DCONNECT_WITH_MONGO=OFF \
-DCONNECT_WITH_JDBC=OFF \
-DPLUGIN_HASHICORP_KEY_MANAGEMENT=%{?with_hashicorp:DYNAMIC}%{!?with_hashicorp:NO} \
-DPLUGIN_PROVIDER_LZMA=NO \
-DPLUGIN_HASHICORP_KEY_MANAGEMENT=NO \
%{?with_debug: -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=OFF -DWITH_INNODB_EXTRA_DEBUG=ON -DWITH_VALGRIND=ON}
# The -DSECURITY_HARDENED is used to force a set of compilation flags for hardening
@ -1128,19 +1062,9 @@ ln -s %{_libexecdir}/mariadbd %{buildroot}%{_sbindir}/mariadbd
# copy additional docs into build tree so %%doc will find them
install -p -m 0644 %{SOURCE6} %{basename:%{SOURCE6}}
install -p -m 0644 %{SOURCE16} %{basename:%{SOURCE16}}
%if %{with galera}
# Add wsrep_sst_rsync_tunnel script
install -p -m 0755 scripts/wsrep_sst_rsync_tunnel %{buildroot}%{_bindir}/wsrep_sst_rsync_tunnel
install -p -m 0644 %{SOURCE8} %{basename:%{SOURCE8}}
# install the clustercheck script
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
touch %{buildroot}%{_sysconfdir}/sysconfig/clustercheck
install -p -m 0755 %{_vpath_builddir}/scripts/clustercheck %{buildroot}%{_bindir}/clustercheck
# clustercheck license
install -p -m 0644 %{SOURCE71} %{basename:%{SOURCE71}}
%if %{with galera}
# install galera config file
sed -i -r 's|^wsrep_provider=none|wsrep_provider=%{_libdir}/galera/libgalera_smm.so|' %{_vpath_builddir}/support-files/wsrep.cnf
install -p -m 0644 %{_vpath_builddir}/support-files/wsrep.cnf %{buildroot}%{_sysconfdir}/my.cnf.d/galera.cnf
@ -1152,8 +1076,18 @@ install -p -m 644 -D selinux/%{majorname}-server-galera.pp %{buildroot}%{_datadi
# The replication requires cluster address upon startup (which is end-user specific).
# Disable it entirely, rather than have it failing out-of-the-box.
sed -i 's/^wsrep_on=1/wsrep_on=0/' %{buildroot}%{_sysconfdir}/my.cnf.d/galera.cnf
%else
rm %{buildroot}%{_sysconfdir}/sysconfig/clustercheck
rm %{buildroot}%{_bindir}/{clustercheck,galera_new_cluster}
rm %{buildroot}%{_bindir}/galera_recovery
%endif
# install the clustercheck script
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
touch %{buildroot}%{_sysconfdir}/sysconfig/clustercheck
install -p -m 0755 %{_vpath_builddir}/scripts/clustercheck %{buildroot}%{_bindir}/clustercheck
# remove duplicate logrotate script
rm %{buildroot}%{_datadir}/mariadb/mariadb.logrotate
# Remove AppArmor files
@ -1245,7 +1179,7 @@ rm %{buildroot}%{_datadir}/%{majorname}/errmsg-utf8.txt
rm -r %{buildroot}%{_datadir}/%{majorname}/{english,czech,danish,dutch,estonian,\
french,german,greek,hungarian,italian,japanese,korean,norwegian,norwegian-ny,\
polish,portuguese,romanian,russian,serbian,slovak,spanish,swedish,ukrainian,hindi,\
bulgarian,chinese,georgian}
bulgarian,chinese,georgian,swahili}
%endif
%if %{without test}
@ -1286,6 +1220,14 @@ rm %{buildroot}%{_mandir}/man1/aria_s3_copy.1*
%check
%if %{with test}
%if %runselftest
# hack to let 32- and 64-bit tests run concurrently on same build machine
export MTR_PARALLEL=1
# Builds might happen at the same host, avoid collision
# The port used is calculated as 20 * MTR_BUILD_THREAD + 10000
# The resulting port must be between 5000 and 32767
# This is the same as using option "--build-thread" for the "mysql-test-run.pl"
export MTR_BUILD_THREAD=$(( $(date +%s) % 1100 ))
# The cmake build scripts don't provide any simple way to control the
# options for mysql-test-run, so ignore the make target and just call it
# manually. Nonstandard options chosen are:
@ -1306,7 +1248,7 @@ rm %{buildroot}%{_mandir}/man1/aria_s3_copy.1*
set -ex
cd %{buildroot}%{_datadir}/mysql-test
export common_testsuite_arguments=" --port-base=$(( $(date +%s) % 20000 + 10000 )) --parallel=auto --force --retry=2 --suite-timeout=900 --testcase-timeout=30 --mysqld=--binlog-format=mixed --force-restart --shutdown-timeout=60 --max-test-fail=5 "
export common_testsuite_arguments=" --parallel=auto --force --retry=2 --suite-timeout=900 --testcase-timeout=30 --mysqld=--binlog-format=mixed --force-restart --shutdown-timeout=60 --max-test-fail=5 "
# If full testsuite has already been run on this version and we don't explicitly want the full testsuite to be run
if [[ "%{last_tested_version}" == "%{version}" ]] && [[ %{force_run_testsuite} -eq 0 ]]
@ -1326,9 +1268,6 @@ rm %{buildroot}%{_mandir}/man1/aria_s3_copy.1*
%else
--skip-test-list=unstable-tests
%endif
# Spider tests can't be run in the Fedora KOJI at this moment, see #2291227
%if 0
# Second run for the SPIDER suites that fail with SCA (ssl self signed certificate)
perl ./mysql-test-run.pl $common_testsuite_arguments --skip-ssl --big-test --suite=spider,spider/bg,spider/bugfix \
%if %{ignore_testsuite_result}
@ -1336,7 +1275,6 @@ rm %{buildroot}%{_mandir}/man1/aria_s3_copy.1*
%else
--skip-test-list=unstable-tests
%endif
%endif
# blank line
fi
@ -1481,6 +1419,7 @@ fi
%lang(bg) %{_datadir}/%{majorname}/bulgarian
%lang(zh) %{_datadir}/%{majorname}/chinese
%lang(ka) %{_datadir}/%{majorname}/georgian
%lang(sw) %{_datadir}/%{majorname}/swahili
%endif
%if %{with galera}
@ -1490,8 +1429,6 @@ fi
%{_bindir}/clustercheck
%{_bindir}/galera_new_cluster
%{_bindir}/galera_recovery
%{_mandir}/man1/galera_new_cluster.1*
%{_mandir}/man1/galera_recovery.1*
%config(noreplace) %{_sysconfdir}/my.cnf.d/galera.cnf
%attr(0640,root,root) %ghost %config(noreplace) %{_sysconfdir}/sysconfig/clustercheck
%{_datadir}/selinux/packages/targeted/%{majorname}-server-galera.pp
@ -1521,21 +1458,16 @@ fi
%if %{with galera}
# wsrep_sst_common should be moved to /usr/share/mariadb: https://jira.mariadb.org/browse/MDEV-14296
%{_bindir}/wsrep_*
%{_mandir}/man1/wsrep_*.1*
%doc README.wsrep_sst_rsync_tunnel
%endif
%config(noreplace) %{_sysconfdir}/my.cnf.d/%{majorname}-server.cnf
%config(noreplace) %{_sysconfdir}/my.cnf.d/enable_encryption.preset
%config(noreplace) %{_sysconfdir}/my.cnf.d/spider.cnf
%{?with_lz4:%config(noreplace) %{_sysconfdir}/my.cnf.d/provider_lz4.cnf}
%{?with_bzip2:%config(noreplace) %{_sysconfdir}/my.cnf.d/provider_bzip2.cnf}
%{?with_lzma:%config(noreplace) %{_sysconfdir}/my.cnf.d/provider_lzma.cnf}
%{?with_lzo:%config(noreplace) %{_sysconfdir}/my.cnf.d/provider_lzo.cnf}
%{?with_snappy:%config(noreplace) %{_sysconfdir}/my.cnf.d/provider_snappy.cnf}
%config(noreplace) %{_sysconfdir}/my.cnf.d/provider_lz4.cnf
#%%config(noreplace) %%{_sysconfdir}/my.cnf.d/provider_lzma.cnf
%{?with_hashicorp:%config(noreplace) %{_sysconfdir}/my.cnf.d/hashicorp_key_management.cnf}
#%%config(noreplace) %%{_sysconfdir}/my.cnf.d/hashicorp_key_management.cnf
%{_sbindir}/mysqld
%{_sbindir}/mariadbd
@ -1569,6 +1501,8 @@ fi
%exclude %{_libdir}/%{majorname}/plugin/auth_pam_tool_dir/auth_pam_tool
%{_mandir}/man1/aria_{chk,dump_log,ftdump,pack,read_log}.1*
%{_mandir}/man1/galera_new_cluster.1*
%{_mandir}/man1/galera_recovery.1*
%{_mandir}/man1/mariadb-service-convert.1*
%{_mandir}/man1/myisamchk.1*
%{_mandir}/man1/myisamlog.1*
@ -1588,6 +1522,7 @@ fi
%{_mandir}/man1/resolveip.1*
%{_mandir}/man1/resolve_stack_dump.1*
%{_mandir}/man8/{mysqld,mariadbd}.8*
%{_mandir}/man1/wsrep_*.1*
%{_mandir}/man1/mysql.server.1*
@ -1595,17 +1530,13 @@ fi
%{_datadir}/%{majorname}/fill_help_tables.sql
%{_datadir}/%{majorname}/maria_add_gis_sp.sql
%{_datadir}/%{majorname}/maria_add_gis_sp_bootstrap.sql
%{_datadir}/%{majorname}/mysql_system_tables.sql
%{_datadir}/%{majorname}/mysql_sys_schema.sql
%{_datadir}/%{majorname}/mysql_system_tables_data.sql
%{_datadir}/%{majorname}/mysql_test_data_timezone.sql
%{_datadir}/%{majorname}/mysql_performance_tables.sql
%{_datadir}/%{majorname}/mysql_test_db.sql
%{_datadir}/%{majorname}/mariadb_system_tables.sql
%{_datadir}/%{majorname}/mariadb_sys_schema.sql
%{_datadir}/%{majorname}/mariadb_system_tables_data.sql
%{_datadir}/%{majorname}/mariadb_test_data_timezone.sql
%{_datadir}/%{majorname}/mariadb_performance_tables.sql
%{_datadir}/%{majorname}/mariadb_test_db.sql
%if %{with mroonga}
%dir %{_datadir}/%{majorname}/mroonga
%dir %{_datadir}/%{majorname}-server
%dir %{_datadir}/%{majorname}-server/groonga
%dir %{_datadir}/%{majorname}-server/groonga-normalizer-mysql
%{_datadir}/%{majorname}/mroonga/install.sql
%{_datadir}/%{majorname}/mroonga/uninstall.sql
%license %{_datadir}/%{majorname}/mroonga/COPYING
@ -1617,8 +1548,8 @@ fi
%endif
%if %{with galera}
%{_datadir}/%{majorname}/wsrep.cnf
%{_datadir}/%{majorname}/wsrep_notify
%endif
%{_datadir}/%{majorname}/wsrep_notify
%dir %{_datadir}/%{majorname}/policy
%dir %{_datadir}/%{majorname}/policy/selinux
%{_datadir}/%{majorname}/policy/selinux/README
@ -1779,38 +1710,9 @@ fi
%endif
%changelog
* Sat Nov 16 2024 Michal Schorm <mschorm@redhat.com> - 3:10.11.10-1
- Rebase to 10.11.10
* Tue Aug 13 2024 Michal Schorm <mschorm@redhat.com> - 3:10.11.9-1
- Rebase to 10.11.9
* Tue Jul 23 2024 Lumír Balhar <lbalhar@redhat.com> - 3:10.11.8-5
- Add new systemtap-sdt-dtrace to build deps
* Thu Jul 18 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3:10.11.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon Jun 10 2024 Michal Schorm <mschorm@redhat.com> - 3:10.11.8-3
- Bump release for rebuild
* Sun Jun 09 2024 Michal Schorm <mschorm@redhat.com> - 3:10.11.8-2
- Add wsrep_sst_rsync_tunnel script
* Fri Jun 07 2024 Michal Schorm <mschorm@redhat.com> - 3:10.11.8-1
- Rebase to 10.11.8
* Thu Jun 06 2024 Michal Schorm <mschorm@redhat.com> - 3:10.11.7-1
- Rebase to 10.11.7
- Patch 10 removed, the main.ssl_cipher test has been fixed
and re-enabled by upstream and now passes on all architectures
* Tue Apr 09 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 3:10.11.6-4
- Fix my.cnf dependency
* Wed Feb 7 2024 Filip Janus <fjanus@redhat.com> - 3:10.11.6-3
- Rename macros related to demodularization
* Wed Jan 31 2024 Filip Janus <fjanus@redhat.com> - 3:10.11.6-2
- Apply demodularization
- the default stream builds mariadb.rpm

27
rh-skipped-tests-base.list
View File

@ -91,30 +91,3 @@ rpl.rpl_rewrite_db_sys_vars :
rpl.rpl_semi_sync_wait_point :
rpl.rpl_trigger :
rpl.rpl_upgrade_master_info :
# Fails since 10.11.7
main.mdev375 :
oqgraph.social :
perfschema.show_aggregate :
archive.archive :
spider/bugfix.ddl_log :
spider/bugfix.mdev_28218 :
spider/bugfix.mdev_28218_mixed :
spider/bugfix.mdev_30370 :
spider/bugfix.mdev_32683 :
spider/bugfix.plugin_load_add_all :
spider/bugfix.plugin_load_add_spider :
spider/bugfix.udf_mysql_func_early :
spider/bugfix.udf_mysql_func_early_init_file :
# Fails since 10.11.8
rpl.rpl_get_lock :
# Fails since 10.11.9
plugins.feedback_plugin_load :
main.init_connect :
# Fails since 10.11.10
main.connect :

3
rh-skipped-tests-s390.list
View File

@ -10,6 +10,3 @@ innodb_gis.rtree_rollback1 :
mariabackup.encrypted_page_corruption :
mariabackup.huge_lsn :
mariabackup.xb_file_key_management :
# Fails since 10.11.9
main.having_cond_pushdown :

3
sources
View File

@ -1,2 +1 @@
SHA512 (mariadb-10.11.10.tar.gz) = 3a8655384813ba515ce185e8a03427785fbea75b3226e2a1db02839dd66c22622ba27eeb2ca7b3d840bba43720a4393bbf71eb4b2b9e41ab837629e89a8b5976
SHA512 (fmt-11.0.2.zip) = 06eba9a2a8d1c2269801e10a00ed26a9344b79bca0391a6b10f35e9716682f8345125fceb96e9ca36ffbd4c0558b0e63e4c45a9dff09a8ee186458ec68e34198
SHA512 (mariadb-11.2.2.tar.gz) = be0c4574954551c04b39eeefdc756f8dd67562dfdfe3c34c0546f6e0c340439326e42743400d15c2931802d91296f1aceeb060c7982412b44b2ea1f6dbf284f6

492
wsrep_sst_rsync_tunnel
View File

@ -1,492 +0,0 @@
#!/bin/bash -ue
# Copyright (C) 2010-2014 Codership Oy
# Copyright (C) 2017-2020 Damien Ciabrini <damien.ciabrini@gmail.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; see the file COPYING. If not, write to the
# Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston
# MA 02110-1301 USA.
# This is a reference script for rsync-based state snapshot tansfer
# over an encrypted communication channel, managed by socat
RSYNC_PID= # rsync pid file
RSYNC_CONF= # rsync configuration file
RSYNC_REAL_PID= # rsync process id
SOCAT_PID= # socat pid file
SOCAT_REAL_PID= # socat process id
SOCAT_OPTS= # openssl connection args
MODULE="rsync_tunnel_sst"
OS=$(uname)
[ "$OS" == "Darwin" ] && export -n LD_LIBRARY_PATH
# Setting the path for lsof on CentOS
export PATH="/usr/sbin:/sbin:$PATH"
. $(dirname $0)/wsrep_sst_common
wsrep_check_programs rsync socat
cleanup_pid()
{
local real_pid=$1
[ "0" != "$real_pid" ] && \
kill $real_pid && \
sleep 0.5 && \
kill -9 $real_pid >/dev/null 2>&1 || \
:
}
cleanup_tunnel()
{
if [ -n "$SOCAT_REAL_PID" ] && ps -p "$SOCAT_REAL_PID" >/dev/null 2>&1; then
wsrep_log_info "cleanup socat PID: $SOCAT_REAL_PID"
cleanup_pid $SOCAT_REAL_PID
fi
rm -rf "$SOCAT_PID"
}
cleanup_joiner()
{
wsrep_log_info "Joiner cleanup. rsync PID: $RSYNC_REAL_PID"
[ -n "$RSYNC_REAL_PID" ] && cleanup_pid $RSYNC_REAL_PID
rm -rf "$RSYNC_CONF"
rm -rf "$MAGIC_FILE"
rm -rf "$RSYNC_PID"
cleanup_tunnel
wsrep_log_info "Joiner cleanup done."
if [ "${WSREP_SST_OPT_ROLE}" = "joiner" ];then
wsrep_cleanup_progress_file
fi
}
# Check whether process is still running.
check_pid()
{
local pid_file=$1
[ -r "$pid_file" ] && ps -p $(cat $pid_file) >/dev/null 2>&1
}
check_pid_and_port()
{
local pid_file=$1
local service_pid=$2
local service_port=$3
local service_host=$4
local service_name=$5
if ! which lsof > /dev/null; then
wsrep_log_error "lsof tool not found in PATH! Make sure you have it installed."
exit 2 # ENOENT
fi
local port_info=$(lsof -i "@"$service_host:$service_port -Pn 2>/dev/null | \
grep "(LISTEN)")
local is_service=$(echo $port_info | \
grep -w '^'"$service_name"'[[:space:]]\+'"$service_pid" 2>/dev/null)
if [ -n "$port_info" -a -z "$is_service" ]; then
wsrep_log_error "$service_name daemon port '$service_port' has been taken"
exit 16 # EBUSY
fi
if ! check_pid $pid_file; then
wsrep_log_error "$service_name process terminated unexpectedly"
exit 10 # ECHILD
fi
[ -n "$port_info" ] && [ -n "$is_service" ] && \
[ $(cat $pid_file) -eq $service_pid ]
}
config_from_cnf()
{
local group=$1
local key=$2
echo $($MY_PRINT_DEFAULTS $group | grep -- "--$key=" | cut -d= -f2- | tail -1)
}
setup_tunnel_args()
{
tca=$(config_from_cnf sst tca)
tkey=$(config_from_cnf sst tkey)
tcert=$(config_from_cnf sst tcert)
sockopt=$(config_from_cnf sst sockopt)
if [ -z "$tcert" ]; then
wsrep_log_error "Encryption certificate not found in my.cnf"
exit 3
else
SOCAT_OPTS="cert=$tcert"
fi
[ -n "$tkey" ] && SOCAT_OPTS="$SOCAT_OPTS,key=$tkey"
[ -n "$tca" ] && SOCAT_OPTS="$SOCAT_OPTS,cafile=$tca"
wsrep_log_info "Encryption setting to be used for socat tunnel: $SOCAT_OPTS"
[ -n "$sockopt" ] && SOCAT_OPTS="$SOCAT_OPTS,$sockopt"
}
MAGIC_FILE="$WSREP_SST_OPT_DATA/rsync_tunnel_sst_complete"
rm -rf "$MAGIC_FILE"
BINLOG_TAR_FILE="$WSREP_SST_OPT_DATA/wsrep_sst_binlog.tar"
BINLOG_N_FILES=1
rm -f "$BINLOG_TAR_FILE" || :
if ! [ -z $WSREP_SST_OPT_BINLOG ]
then
BINLOG_DIRNAME=$(dirname $WSREP_SST_OPT_BINLOG)
BINLOG_FILENAME=$(basename $WSREP_SST_OPT_BINLOG)
fi
WSREP_LOG_DIR=${WSREP_LOG_DIR:-""}
# if WSREP_LOG_DIR env. variable is not set, try to get it from my.cnf
if [ -z "$WSREP_LOG_DIR" ]; then
WSREP_LOG_DIR=$($MY_PRINT_DEFAULTS --mysqld \
| grep -- '--innodb[-_]log[-_]group[-_]home[-_]dir=' \
| cut -b 29- )
fi
if [ -n "$WSREP_LOG_DIR" ]; then
# handle both relative and absolute paths
WSREP_LOG_DIR=$(cd $WSREP_SST_OPT_DATA; mkdir -p "$WSREP_LOG_DIR"; cd $WSREP_LOG_DIR; pwd -P)
else
# default to datadir
WSREP_LOG_DIR=$(cd $WSREP_SST_OPT_DATA; pwd -P)
fi
# Old filter - include everything except selected
# FILTER=(--exclude '*.err' --exclude '*.pid' --exclude '*.sock' \
# --exclude '*.conf' --exclude core --exclude 'galera.*' \
# --exclude grastate.txt --exclude '*.pem' \
# --exclude '*.[0-9][0-9][0-9][0-9][0-9][0-9]' --exclude '*.index')
# New filter - exclude everything except dirs (schemas) and innodb files
FILTER=(-f '- /lost+found' -f '- /.fseventsd' -f '- /.Trashes'
-f '+ /wsrep_sst_binlog.tar' -f '+ /ib_lru_dump' -f '+ /ibdata*' -f '+ /*/' -f '- /*')
SOCAT_PID="$WSREP_SST_OPT_DATA/$MODULE-socat.pid"
if check_pid $SOCAT_PID
then
wsrep_log_error "socat tunnel already running."
exit 114 # EALREADY
fi
rm -rf "$SOCAT_PID"
setup_tunnel_args
if [ "$WSREP_SST_OPT_ROLE" = "donor" ]
then
SOCAT_JOINER_ADDR=$(echo $WSREP_SST_OPT_ADDR | awk -F'/' '{print $1}')
# map to name in case we received an IP
SOCAT_JOINER_HOST=$(getent hosts $SOCAT_JOINER_ADDR | awk '{ print $2 }')
if [ -z "$SOCAT_JOINER_HOST" ]; then
SOCAT_JOINER_HOST=$SOCAT_JOINER_ADDR
fi
SOCAT_PORT=$(echo $SOCAT_JOINER_ADDR | awk -F ':' '{ print $2 }')
if [ -z "$SOCAT_PORT" ]
then
SOCAT_PORT=4444
fi
TARGET_ADDR=localhost:$SOCAT_PORT/$MODULE
trap cleanup_tunnel EXIT
# Socat forwards rsync connections to the joiner
SOCAT_SRC=tcp-listen:$SOCAT_PORT,bind=localhost,reuseaddr,fork
SOCAT_DST=openssl:$SOCAT_JOINER_HOST,$SOCAT_OPTS
wsrep_log_info "Setting up tunnel for donor: socat $SOCAT_SRC $SOCAT_DST"
socat $SOCAT_SRC $SOCAT_DST &
SOCAT_REAL_PID=$!
# This is ok because a local galera node doesn't run SST concurrently
echo $SOCAT_REAL_PID >"$SOCAT_PID"
until check_pid_and_port $SOCAT_PID $SOCAT_REAL_PID $SOCAT_PORT localhost "socat"
do
sleep 0.2
done
if [ $WSREP_SST_OPT_BYPASS -eq 0 ]
then
FLUSHED="$WSREP_SST_OPT_DATA/tables_flushed"
ERROR="$WSREP_SST_OPT_DATA/sst_error"
rm -rf "$FLUSHED"
rm -rf "$ERROR"
# Use deltaxfer only for WAN
inv=$(basename $0)
[ "$inv" = "wsrep_sst_rsync_wan" ] && WHOLE_FILE_OPT="" \
|| WHOLE_FILE_OPT="--whole-file"
echo "flush tables"
# Wait for :
# (a) Tables to be flushed, AND
# (b) Cluster state ID & wsrep_gtid_domain_id to be written to the file, OR
# (c) ERROR file, in case flush tables operation failed.
while [ ! -r "$FLUSHED" ] && ! grep -q ':' "$FLUSHED" >/dev/null 2>&1
do
# Check whether ERROR file exists.
if [ -f "$ERROR" ]
then
# Flush tables operation failed.
rm -rf "$ERROR"
exit 255
fi
sleep 0.2
done
STATE="$(cat $FLUSHED)"
rm -rf "$FLUSHED"
sync
if ! [ -z $WSREP_SST_OPT_BINLOG ]
then
# Prepare binlog files
pushd $BINLOG_DIRNAME &> /dev/null
binlog_files_full=$(tail -n $BINLOG_N_FILES ${BINLOG_FILENAME}.index)
binlog_files=""
for ii in $binlog_files_full
do
binlog_files="$binlog_files $(basename $ii)"
done
if ! [ -z "$binlog_files" ]
then
wsrep_log_info "Preparing binlog files for transfer:"
tar -cvf $BINLOG_TAR_FILE $binlog_files >&2
fi
popd &> /dev/null
fi
# first, the normal directories, so that we can detect incompatible protocol
RC=0
rsync --owner --group --perms --links --specials \
--ignore-times --inplace --dirs --delete --quiet \
$WHOLE_FILE_OPT "${FILTER[@]}" "$WSREP_SST_OPT_DATA/" \
rsync://$TARGET_ADDR >&2 || RC=$?
if [ "$RC" -ne 0 ]; then
wsrep_log_error "rsync returned code $RC:"
case $RC in
12) RC=71 # EPROTO
wsrep_log_error \
"rsync server on the other end has incompatible protocol. " \
"Make sure you have the same version of rsync on all nodes."
;;
22) RC=12 # ENOMEM
;;
*) RC=255 # unknown error
;;
esac
exit $RC
fi
# second, we transfer InnoDB log files
rsync --owner --group --perms --links --specials \
--ignore-times --inplace --dirs --delete --quiet \
$WHOLE_FILE_OPT -f '+ /ib_logfile[0-9]*' -f '- **' "$WSREP_LOG_DIR/" \
rsync://$TARGET_ADDR-log_dir >&2 || RC=$?
if [ $RC -ne 0 ]; then
wsrep_log_error "rsync innodb_log_group_home_dir returned code $RC:"
exit 255 # unknown error
fi
# then, we parallelize the transfer of database directories, use . so that pathconcatenation works
pushd "$WSREP_SST_OPT_DATA" >/dev/null
count=1
[ "$OS" == "Linux" ] && count=$(grep -c processor /proc/cpuinfo)
[ "$OS" == "Darwin" -o "$OS" == "FreeBSD" ] && count=$(sysctl -n hw.ncpu)
find . -maxdepth 1 -mindepth 1 -type d -not -name "lost+found" -print0 | \
xargs -I{} -0 -P $count \
rsync --owner --group --perms --links --specials \
--ignore-times --inplace --recursive --delete --quiet \
$WHOLE_FILE_OPT --exclude '*/ib_logfile*' "$WSREP_SST_OPT_DATA"/{}/ \
rsync://$TARGET_ADDR/{} >&2 || RC=$?
popd >/dev/null
if [ $RC -ne 0 ]; then
wsrep_log_error "find/rsync returned code $RC:"
exit 255 # unknown error
fi
else # BYPASS
wsrep_log_info "Bypassing state dump."
# Store donor's wsrep GTID (state ID) and wsrep_gtid_domain_id
# (separated by a space).
STATE="$WSREP_SST_OPT_GTID $WSREP_SST_OPT_GTID_DOMAIN_ID"
fi
echo "continue" # now server can resume updating data
echo "$STATE" > "$MAGIC_FILE"
rsync --archive --quiet --checksum "$MAGIC_FILE" rsync://$TARGET_ADDR
# to avoid cleanup race, stop tunnel before declaring the SST finished.
# This ensures galera won't start a new SST locally before we exit.
cleanup_tunnel
echo "done $STATE"
elif [ "$WSREP_SST_OPT_ROLE" = "joiner" ]
then
wsrep_check_programs lsof socat
touch $SST_PROGRESS_FILE
MYSQLD_PID=$WSREP_SST_OPT_PARENT
RSYNC_PID="$WSREP_SST_OPT_DATA/$MODULE.pid"
if check_pid $RSYNC_PID
then
wsrep_log_error "rsync daemon already running."
exit 114 # EALREADY
fi
rm -rf "$RSYNC_PID"
ADDR=$WSREP_SST_OPT_ADDR
RSYNC_PORT=$(echo $ADDR | awk -F ':' '{ print $2 }')
if [ -z "$RSYNC_PORT" ]
then
RSYNC_PORT=4444
ADDR="$(echo $ADDR | awk -F ':' '{ print $1 }'):$RSYNC_PORT"
fi
SOCAT_ADDR=$(echo $ADDR | awk -F ':' '{ print $1 }')
# map to name in case we received an IP
SOCAT_HOST=$(getent hosts $SOCAT_ADDR | awk '{ print $2 }')
if [ -z "$SOCAT_HOST" ]; then
SOCAT_HOST=$SOCAT_ADDR
fi
SOCAT_PORT=$RSYNC_PORT
trap "exit 32" HUP PIPE
trap "exit 3" INT TERM ABRT
trap cleanup_joiner EXIT
RSYNC_CONF="$WSREP_SST_OPT_DATA/$MODULE.conf"
if [ -n "${MYSQL_TMP_DIR:-}" ] ; then
SILENT="log file = $MYSQL_TMP_DIR/rsynd.log"
else
SILENT=""
fi
cat << EOF > "$RSYNC_CONF"
pid file = $RSYNC_PID
use chroot = no
read only = no
timeout = 300
$SILENT
[$MODULE]
path = $WSREP_SST_OPT_DATA
[$MODULE-log_dir]
path = $WSREP_LOG_DIR
EOF
# rm -rf "$DATA"/ib_logfile* # we don't want old logs around
# Socat receives rsync connections from the donor
SOCAT_SRC=openssl-listen:$SOCAT_PORT,bind=$SOCAT_HOST,reuseaddr,fork,$SOCAT_OPTS
SOCAT_DST=tcp:localhost:$RSYNC_PORT
wsrep_log_info "Setting up tunnel for joiner: socat $SOCAT_SRC $SOCAT_DST"
socat $SOCAT_SRC $SOCAT_DST &
SOCAT_REAL_PID=$!
# This is ok because a local galera node doesn't run SST concurrently
echo $SOCAT_REAL_PID >"$SOCAT_PID"
until check_pid_and_port $SOCAT_PID $SOCAT_REAL_PID $SOCAT_PORT $SOCAT_HOST "socat"
do
sleep 0.2
done
wsrep_log_info "rsync --daemon --no-detach --address localhost --port $RSYNC_PORT --config \"$RSYNC_CONF\""
rsync --daemon --no-detach --address localhost --port $RSYNC_PORT --config "$RSYNC_CONF" &
RSYNC_REAL_PID=$!
until check_pid_and_port $RSYNC_PID $RSYNC_REAL_PID $RSYNC_PORT localhost "rsync"
do
sleep 0.2
done
echo "ready $ADDR/$MODULE"
# wait for SST to complete by monitoring magic file
while [ ! -r "$MAGIC_FILE" ] && check_pid "$RSYNC_PID" && \
check_pid "$SOCAT_PID" && ps -p $MYSQLD_PID >/dev/null
do
sleep 1
done
# to avoid cleanup race, we can tear down the socat tunnel now
# before signaling the end of the SST to galera.
cleanup_tunnel
if ! ps -p $MYSQLD_PID >/dev/null
then
wsrep_log_error \
"Parent mysqld process (PID:$MYSQLD_PID) terminated unexpectedly."
exit 32
fi
if ! [ -z $WSREP_SST_OPT_BINLOG ]
then
pushd $BINLOG_DIRNAME &> /dev/null
if [ -f $BINLOG_TAR_FILE ]
then
# Clean up old binlog files first
rm -f ${BINLOG_FILENAME}.*
wsrep_log_info "Extracting binlog files:"
tar -xvf $BINLOG_TAR_FILE >&2
for ii in $(ls -1 ${BINLOG_FILENAME}.*)
do
echo ${BINLOG_DIRNAME}/${ii} >> ${BINLOG_FILENAME}.index
done
fi
popd &> /dev/null
fi
if [ -r "$MAGIC_FILE" ]
then
# UUID:seqno & wsrep_gtid_domain_id is received here.
cat "$MAGIC_FILE" # Output : UUID:seqno wsrep_gtid_domain_id
else
# this message should cause joiner to abort
echo "rsync process ended without creating '$MAGIC_FILE'"
fi
wsrep_cleanup_progress_file
# cleanup_joiner
else
wsrep_log_error "Unrecognized role: '$WSREP_SST_OPT_ROLE'"
exit 22 # EINVAL
fi
rm -f $BINLOG_TAR_FILE || :
exit 0