musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Manually pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Automatically compute and substitute current values for all
$(AUTORELEASE) instances as this feature is deprecated and shouldn't be
used.
The following temporary change was made to the core:
diff --git a/rules.mk b/rules.mk
index 57d7995d4fa8..f16367de87a8 100644
--- a/rules.mk
+++ b/rules.mk
@@ -429,7 +429,7 @@ endef
abi_version_str = $(subst -,,$(subst _,,$(subst .,,$(1))))
COMMITCOUNT = $(if $(DUMP),0,$(call commitcount))
-AUTORELEASE = $(if $(DUMP),0,$(call commitcount,1))
+AUTORELEASE = $(if $(DUMP),0,$(shell sed -i "s/\$$(AUTORELEASE)/$(call commitcount,1)/" $(CURDIR)/Makefile))
all:
FORCE: ;
And this command used to fix affected packages:
for i in $(cd feeds/packages; git grep -l PKG_RELEASE:=.*AUTORELEASE | \
sed 's^.*/\([^/]*\)/Makefile^\1^';);
do
make package/$i/download
done
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
See commit 5c545bdb "treewide: replace PKG_USE_MIPS16:=0 with
PKG_BUILD_FLAGS:=no-mips16" on the main repository.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Update to the latest upstream version. For more details, see:
https://mariadb.com/kb/en/changes-improvements-in-mariadb-109/
Added new dependency on libfmt.
Following two patches dropped as the issues were fixed in upstream.
* 130-c11_atomics.patch
* 140-mips-connect-unaligned.patch
The rest of the patches were refreshed.
Don't need to disable cassandra and tokudb anymore as they were dropped
from upstream tarball.
Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
We had been creating "rundir" but it was never used, probably leftover
from some removed function. At the same time, we were setting quite
strict rights to the socket directory (while comments sugested
otherwise).
Signed-off-by: Michal Hrusecky <michal@hrusecky.net>
During update we use sudo to start an instance. It probably could be
workarounded, but given the MariaDB size, dependency on sudo shouldn't
be an issue.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
If you are migrating to MariaDB package, you might have old datadir
stored somewhere using different setup with different users. If you
trust us enough to enable autoupgrade, you probably trust us enough to
chown your datadir as well. This can prevent some potential issues.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Remove from default configuration options that are compiled in like
default paths and character set. On the other hand add few examples of
tweak options that might be handy.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Update init script so other user/group can be used. Also make sure that
init script can actually create an empty database instead of forcing the
user to do it by hand. Other new feature is taking care of migration
of the database when upgrading the database.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
The raison d'être of package mariadb-common was to provide common my.cnf
config file that was being used to include subdirectories and then to
push utf-8 as default everywhere. Let's make this file part of the
server package as there we actually set other options as well and drop
it from all clients. Instead let's set utf-8 as default in server,
client and client libraries. While at it also set socket to the more
common path and drop mysqld_safe script from the list of configuration
files and do other minor tweaks.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
liburing is preferred over libaio. So, if liburing has already been
built, mariadb will use it, instead of libaio, failing with a missed
dependency. If it is not found, then libaio is used.
Since it depends on the kernel being built with io_uring support, and it
defaults to y unless SMALL_FLASH=y, then we should allow libaio as
fallback, checking the CONFIG_KERNEL_IO_URING symbol.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
mariadb may detect boost libraries, if the latter has been built with
threads, date_time and chorno support, then it will enable the
columnstore engine, which fails to build.
Set PKG_RELEASE:=$(AUTORLEASE).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
faster to compile.
A small selection of packages was tested going from:
Executed in 696.30 secs fish external
usr time 82.98 mins 395.00 micros 82.98 mins
sys time 9.02 mins 0.00 micros 9.02 mins
to:
Executed in 592.20 secs fish external
usr time 84.84 mins 361.00 micros 84.84 mins
sys time 8.85 mins 57.00 micros 8.85 mins
Tested by running make -j 12 and wiping staging/build_dir/target_x
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The crude loop I wrote to come up with this changeset:
find -L package/feeds/packages/ -name patches | \
sed 's/patches$/refresh/' | sort | xargs make
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Remove few no longer needed bits - like checking that datadir is defined
or mysqld_safe from server package and bumping revision after all the
init script cleanups.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Rewrite init script as mysqladmin requires access to the MySQL which is
hard to guarantee. Use standard signals instead.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Use /srv/mysql as default datadir as /var/lib/mysql is in tmpfs. This
doesn't affect any existing setup as up till now it had to be always
specified in configuration. That is addressed in the second part of this
commit - init script now uses even defaults as compiled in MariaDB so
not everything has to be specified in configuration file.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
On few places, shellcheck gets confused by how some OpenWrt functions
work - especially load ones. Also on few places there are $options
variables that need not to be globbed. Could be rewritten better not to
need them, but I'll do major rewrites later in separate pull request.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Just to make sure, add double quotes around strings and various
variables. In some cases it could prevent some issues, in other cases it
is just a good practice.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
Even though I think that mysql_upgrade is a client package (it depends
on the mysql client and it's in the "client" directory in the source
tree, for instance), upstream laid it out differently. Since upstream
commit ec586f5 mysql_upgrade is to be considered a part of the server,
because the COMPONENT argument in the MYSQL_ADD_EXECUTABLE macro is set
to "Server".
That means that mysql_upgrade is only installed when the server is. So
we need to move it back to the server package, otherwise we will have a
build failure when mariadb-client is selected while mariadb-server is
not. This particular build failure was recently a topic on
openwrt-devel.
Some more binaries are moved, following the layout visible in
"man/CMakeLists.txt", to make sure we follow upstream's vision with
regards to how the binaries are packaged.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
mysqld_safe is the recommended way to start the server on non-systemd
systems ([1]). For instance, it has a crash detection with auto-restart
function, can update ulimits, setup core files, set the niceness of the
server etc. It looks like it could also be helpful when trying to set up
clusters. It's maintained upstream and adding it means we don't need to
add these features into our init script.
mysqld_safe is a script itself, so it's added to conffiles in case users
want to edit it.
It can't be run under procd, so the init script is converted to a normal
System V type. To stop the server and to reload the privileges tables
mysqladmin is used. To that end mysqladmin is moved into the server
package.
While changing the init script, the Debian init script was used for
ideas. It wasn't copied verbatim and adapted a bit here and there.
Thanks to whoever wrote it!
This commit removes the support for starting the service as a user other
than "mariadb". This makes the init script simpler. If anybody wants to
play around with the user then it's up to them to fix the permissions.
[1] https://mariadb.com/kb/en/mysqld_safe/
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
It's really a client. It connects to the running server as a client, to
upgrade the DBs. And it depends on both mysql and mysqlcheck.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
With INSTALL_PAMDIR undefined some items necessary for the auth_pam
module aren't built. This adds the define so that configuration and
shared object become available.
This commit also tightens up the installation of the SUID tool. The
directory it is copied into gets created on the build host already with
u=rwx,g=rx,o=, so it cannot be accessed on target, except by root. The
post-install script then changes group ownership of the directory to the
"mariadb" group only if the directory is really a directory and owned by
"root:root".
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Until now $(INSTALL_CONF) is used for configuration files that go into
/etc/mysql. This commit replaces that with $(INSTALL_DATA). The
configuration files are not only parsed by the server, but also by the
clients (which can be anybody).
This also removes a comment about a cron job from one of the
configuration files. There is no cron job.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Today CVE-2020-7221 was publicly discussed on oss-sec [1]. MariaDB
upstream had not mentioned this CVE in their last release notes. The CVE
is related to auth-pam and the possibility of a local mariadb to root
user exploit in the mysql_install_db script.
Upstream has made amendments to the script, but according to the oss-sec
posts the folder permissions were not updated as they should have been.
In OpenWrt the script mysql_install_db is actually patched to never run
the commands in question. This has been this way since MariaDB 10.4 was
made available.
Still, the directory permissions set by the postinstall script are too
lax. To quote the discoverer of the issue, Matthias Gerstner from Suse,
they exhibit "the dangerous situation of a setuid-root binary residing
in a directory owned by an unprivileged user".
This commit fixes this by changing the permissions to the following:
root:mariadb 0750 /usr/lib/mariadb/plugin/auth_pam_tool_dir
This way the setuid-root binary is only available to root and the
mariadb user, while at the same time the mariadb user has no ownership
of the directory.
[1] https://seclists.org/oss-sec/2020/q1/55
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
MariaDB 10.4 includes some changes in sql/sql_statistics.cc that require
std::fmin and std::fmax. But these functions aren't available when
libstdc++ is compiled against uClibc, because uClibc doesn't pass the
test when libstdc++ checks for C99 math that supports "TR1" facilities
(macro: GLIBCXX_CHECK_C99_TR1).
Hence compilation fails:
[ 90%] Building CXX object sql/CMakeFiles/sql.dir/sql_table.cc.o
/builder/shared-workdir/build/sdk/build_dir/target-arc_archs_uClibc/mariadb-10.4.10/sql/sql_statistics.cc: In member function 'void Column_statistics_collected::finish(ha_rows, double)':
/builder/shared-workdir/build/sdk/build_dir/target-arc_archs_uClibc/mariadb-10.4.10/sql/sql_statistics.cc:2533:20: error: 'fmax' is not a member of 'std'
val = std::fmax(estimate_total_distincts * (rows - nulls) / rows, 1.0);
This commit updates package dependencies to prevent a build against
uClibc. There is no reason to waste CPU cycles on the build bots.
The dependencies are also tidied up. In the past it made sense to define
MARIADB_COMMON_DEPENDS and MARIADB_COMMON_DEPENDS_EXE, because the
server had different dependencies compared to the library. But since the
library is now in its own package we can remove the differentiation.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This adds a few lines to the BuildPlugin routine to install some missing
files for auth_pam as well as ha_spider.
It also adds a postinstall script that updates the ownership of a
directory used by auth_pam.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This way when only wanting the library nobody needs to download and
compile the server package, saving space and time. Also this way we can
avoid sudden SONAME bumps during a server upgrade.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Rosen Penev