From cfcab96219baa454381ec26e450aa7025ab87cb4 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Fri, 22 Nov 2024 08:20:17 +1100 Subject: [PATCH 1/4] Reapply "11.5 EOL" This reverts commit 48de289b90fdd82166dda66e0fa616b7acce8dac. --- update.sh | 2 -- versions.json | 56 --------------------------------------------------- 2 files changed, 58 deletions(-) diff --git a/update.sh b/update.sh index 9706f78b..331bda8a 100755 --- a/update.sh +++ b/update.sh @@ -55,8 +55,6 @@ update_version() sed -e '/collation-server/d' docker.cnf > "$dir/docker.cnf" if [[ $version != 11.4 ]]; then sed -i -e '/character-set-collations/d' "$dir/docker.cnf" - fi - if [[ $version != 11.[45] ]]; then sed -i -e '/character-set/d' "$dir/docker.cnf" fi fi diff --git a/versions.json b/versions.json index c25e5331..5facecf5 100644 --- a/versions.json +++ b/versions.json @@ -110,61 +110,5 @@ "ppc64le", "s390x" ] - }, - "11.5": { - "milestone": "11.5", - "version": "11.5.2", - "fullVersion": "1:11.5.2+maria~ubu2404", - "releaseStatus": "Stable", - "supportType": "Short Term Support", - "base": "ubuntu:noble", - "arches": [ - "amd64", - "arm64v8", - "ppc64le", - "s390x" - ] - }, - "11.5-ubi": { - "milestone": "11.5", - "version": "11.5.2", - "fullVersion": "11.5.2", - "releaseStatus": "Stable", - "supportType": "Short Term Support", - "base": "ubi9", - "arches": [ - "amd64", - "arm64v8", - "ppc64le", - "s390x" - ] - }, - "11.6": { - "milestone": "11.6", - "version": "11.6.1", - "fullVersion": "1:11.6.1+maria~ubu2404", - "releaseStatus": "RC", - "supportType": "Short Term Support", - "base": "ubuntu:noble", - "arches": [ - "amd64", - "arm64v8", - "ppc64le", - "s390x" - ] - }, - "11.6-ubi": { - "milestone": "11.6", - "version": "11.6.1", - "fullVersion": "11.6.1", - "releaseStatus": "RC", - "supportType": "Short Term Support", - "base": "ubi9", - "arches": [ - "amd64", - "arm64v8", - "ppc64le", - "s390x" - ] } } From acec2fd71ff4966c80fe32fa7c5366f66cb6944c Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Fri, 22 Nov 2024 08:21:46 +1100 Subject: [PATCH 2/4] Revert "Add 11.5 back temporarly" This reverts commit 85df6a9f3d781bb94a88d506eca5c3fcc55d8125. --- 11.5-ubi/Dockerfile | 113 ------ 11.5-ubi/MariaDB.repo | 7 - 11.5-ubi/docker-entrypoint.sh | 718 ---------------------------------- 11.5-ubi/docker.cnf | 15 - 11.5-ubi/healthcheck.sh | 395 ------------------- 11.5/Dockerfile | 142 ------- 11.5/docker-entrypoint.sh | 718 ---------------------------------- 11.5/healthcheck.sh | 395 ------------------- versions.json | 28 ++ 9 files changed, 28 insertions(+), 2503 deletions(-) delete mode 100644 11.5-ubi/Dockerfile delete mode 100644 11.5-ubi/MariaDB.repo delete mode 100755 11.5-ubi/docker-entrypoint.sh delete mode 100644 11.5-ubi/docker.cnf delete mode 100755 11.5-ubi/healthcheck.sh delete mode 100644 11.5/Dockerfile delete mode 100755 11.5/docker-entrypoint.sh delete mode 100755 11.5/healthcheck.sh diff --git a/11.5-ubi/Dockerfile b/11.5-ubi/Dockerfile deleted file mode 100644 index 7c09361d..00000000 --- a/11.5-ubi/Dockerfile +++ /dev/null @@ -1,113 +0,0 @@ -FROM redhat/ubi9-minimal - -# user 999/ group 999, that we want to use for compatibility with the ubuntu image. -RUN groupadd --gid 999 -r mysql && \ - useradd -r -g mysql mysql --home-dir /var/lib/mysql --uid 999 - -ENV GOSU_VERSION 1.17 -RUN set -eux; \ - rpmArch="$(rpm --query --queryformat='%{ARCH}' rpm)"; \ - case "$rpmArch" in \ - aarch64) dpkgArch='arm64' ;; \ - armv7*) dpkgArch='armhf' ;; \ - i686) dpkgArch='i386' ;; \ - ppc64le) dpkgArch='ppc64el' ;; \ - s390x|riscv64) dpkgArch=$rpmArch ;; \ - x86_64) dpkgArch='amd64' ;; \ - *) echo >&2 "error: unknown/unsupported architecture '$rpmArch'"; exit 1 ;; \ - esac; \ - curl --fail --location --output /usr/local/bin/gosu https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch} ; \ - curl --fail --location --output /usr/local/bin/gosu.asc https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${dpkgArch}.asc; \ - GNUPGHOME="$(mktemp -d)"; \ - export GNUPGHOME; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - chmod a+x /usr/local/bin/gosu; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - gosu --version; \ - gosu nobody true - -COPY --chmod=0644 docker.cnf /etc/my.cnf.d/ - -COPY MariaDB.repo /etc/yum.repos.d/ - -# HasRequiredLabel requirement from Red Hat OpenShift Software Certification -# https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html/red_hat_openshift_software_certification_policy_guide/assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction#con-image-metadata-requirements_openshift-sw-cert-policy-container-images -LABEL name="MariaDB Server" \ - vendor="MariaDB Community" \ - version="11.5.2" \ - release="Refer to Annotations org.opencontainers.image.{revision,source}" \ - summary="MariaDB Database" \ - description="MariaDB Database for relational SQL" - -# OCI annotations to image -LABEL org.opencontainers.image.authors="MariaDB Community" \ - org.opencontainers.image.title="MariaDB Database" \ - org.opencontainers.image.description="MariaDB Database for relational SQL" \ - org.opencontainers.image.documentation="https://hub.docker.com/_/mariadb/" \ - org.opencontainers.image.base.name="docker.io/redhat/ubi9-minimal" \ - org.opencontainers.image.licenses="GPL-2.0" \ - org.opencontainers.image.source="https://github.com/MariaDB/mariadb-docker" \ - org.opencontainers.image.vendor="MariaDB Community" \ - org.opencontainers.image.version="11.5.2" \ - org.opencontainers.image.url="https://github.com/MariaDB/mariadb-docker" - -# bashbrew-architectures: amd64 arm64v8 ppc64le s390x -ARG MARIADB_VERSION=11.5.2 -ENV MARIADB_VERSION=$MARIADB_VERSION -# release-status:Unknown -# release-support-type:Unknown -# (https://downloads.mariadb.org/rest-api/mariadb/) - -# missing pwgen(epel), jemalloc(epel) (as entrypoint/user extensions) -# procps, pv(epel) - missing dependencies of galera sst script -# tzdata re-installed as only a fake version is part of the ubi-minimal base image. -# FF8AD1344597106ECE813B918A3872BF3228467C is the Fedora RPM key -# 177F4010FE56CA3336300305F1656F24C74CD1D8 is the MariaDB Server RPM key -RUN set -eux ; \ - curl --fail https://pagure.io/fedora-web/websites/raw/master/f/sites/getfedora.org/static/keys/FF8AD1344597106ECE813B918A3872BF3228467C.txt --output /tmp/epelkey.txt ; \ - GNUPGHOME="$(mktemp -d)"; export GNUPGHOME ; \ - gpg --batch --import /tmp/epelkey.txt ; \ - gpg --batch --armor --export FF8AD1344597106ECE813B918A3872BF3228467C > /tmp/epelkey.txt ; \ - rpmkeys --import /tmp/epelkey.txt ; \ - curl --fail https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm --output /tmp/epel-release-latest-9.noarch.rpm ; \ - rpm -K /tmp/epel-release-latest-9.noarch.rpm ; \ - rpm -ivh /tmp/epel-release-latest-9.noarch.rpm ; \ - rm /tmp/epelkey.txt /tmp/epel-release-latest-9.noarch.rpm ; \ - curl --fail https://supplychain.mariadb.com/MariaDB-Server-GPG-KEY --output /tmp/MariaDB-Server-GPG-KEY ; \ - gpg --batch --import /tmp/MariaDB-Server-GPG-KEY; \ - gpg --batch --armor --export 177F4010FE56CA3336300305F1656F24C74CD1D8 > /tmp/MariaDB-Server-GPG-KEY ; \ - rpmkeys --import /tmp/MariaDB-Server-GPG-KEY ; \ - rm -rf "$GNUPGHOME" /tmp/MariaDB-Server-GPG-KEY ; \ - unset GNUPGHOME ; \ - microdnf update -y ; \ - microdnf reinstall -y tzdata ; \ - microdnf install -y procps-ng zstd xz jemalloc pwgen pv ; \ - mkdir -p /etc/mysql/conf.d /etc/mysql/mariadb.conf.d/ /var/lib/mysql/mysql /run/mariadb /usr/lib64/galera ; \ - chmod ugo+rwx,o+t /run/mariadb ; \ - microdnf install -y MariaDB-backup-${MARIADB_VERSION} MariaDB-server-${MARIADB_VERSION} ; \ - # compatibility with DEB Galera packaging - ln -s /usr/lib64/galera-4/libgalera_smm.so /usr/lib/libgalera_smm.so ; \ - # compatibility with RPM Galera packaging - ln -s /usr/lib64/galera-4/libgalera_smm.so /usr/lib64/galera/libgalera_smm.so ; \ - microdnf clean all ; \ - rmdir /var/lib/mysql/mysql ; \ - chown -R mysql:mysql /var/lib/mysql /run/mariadb ; \ - mkdir /licenses ; \ - ln -s /usr/share/doc/MariaDB-server-${MARIADB_VERSION}/COPYING /licenses/GPL-2 ; \ - ln -s /usr/share/licenses /licenses/package-licenses ; \ - ln -s Apache-2.0-license /licenses/gosu - -VOLUME /var/lib/mysql - -RUN mkdir /docker-entrypoint-initdb.d - -COPY healthcheck.sh /usr/local/bin/healthcheck.sh -COPY docker-entrypoint.sh /usr/local/bin/ - -ENTRYPOINT ["docker-entrypoint.sh"] - -USER mysql -EXPOSE 3306 -CMD ["mariadbd"] diff --git a/11.5-ubi/MariaDB.repo b/11.5-ubi/MariaDB.repo deleted file mode 100644 index 777b623b..00000000 --- a/11.5-ubi/MariaDB.repo +++ /dev/null @@ -1,7 +0,0 @@ -[mariadb] -name = MariaDB -#baseurl = https://rpm.mariadb.org/11.5/rhel/$releasever/$basearch -baseurl = https://archive.mariadb.org/mariadb-11.5/yum/rhel/$releasever/$basearch -#microdnf cannot read to the second key here. -#gpgkey=https://archive.mariadb.org/PublicKey -gpgcheck=1 diff --git a/11.5-ubi/docker-entrypoint.sh b/11.5-ubi/docker-entrypoint.sh deleted file mode 100755 index b562bfaa..00000000 --- a/11.5-ubi/docker-entrypoint.sh +++ /dev/null @@ -1,718 +0,0 @@ -#!/bin/bash -set -eo pipefail -shopt -s nullglob - -# logging functions -mysql_log() { - local type="$1"; shift - printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*" -} -mysql_note() { - mysql_log Note "$@" -} -mysql_warn() { - mysql_log Warn "$@" >&2 -} -mysql_error() { - mysql_log ERROR "$@" >&2 - exit 1 -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - mysql_error "Both $var and $fileVar are set (but are exclusive)" - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# set MARIADB_xyz from MYSQL_xyz when MARIADB_xyz is unset -# and make them the same value (so user scripts can use either) -_mariadb_file_env() { - local var="$1"; shift - local maria="MARIADB_${var#MYSQL_}" - file_env "$var" "$@" - file_env "$maria" "${!var}" - if [ "${!maria:-}" ]; then - export "$var"="${!maria}" - fi -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions -docker_process_init_files() { - # mysql here for backwards compatibility "${mysql[@]}" - # ShellCheck: mysql appears unused. Verify use (or export if used externally) - # shellcheck disable=SC2034 - mysql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - mysql_note "$0: running $f" - "$f" - else - mysql_note "$0: sourcing $f" - # ShellCheck can't follow non-constant source. Use a directive to specify location. - # shellcheck disable=SC1090 - . "$f" - fi - ;; - *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;; - *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) mysql_note "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) mysql_warn "$0: ignoring $f" ;; - esac - echo - done -} - -# arguments necessary to run "mariadbd --verbose --help" successfully (used for testing configuration validity and for extracting default/configured values) -_verboseHelpArgs=( - --verbose --help -) - -mysql_check_config() { - local toRun=( "$@" "${_verboseHelpArgs[@]}" ) errors - if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then - mysql_error $'mariadbd failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors" - fi -} - -# Fetch value from server config -# We use mariadbd --verbose --help instead of my_print_defaults because the -# latter only show values present in config files, and not server defaults -mysql_get_config() { - local conf="$1"; shift - "$@" "${_verboseHelpArgs[@]}" 2>/dev/null \ - | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' - # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" -} - -# Do a temporary startup of the MariaDB server, for init purposes -docker_temp_server_start() { - "$@" --skip-networking --default-time-zone=SYSTEM --socket="${SOCKET}" --wsrep_on=OFF \ - --expire-logs-days=0 \ - --skip-slave-start \ - --loose-innodb_buffer_pool_load_at_startup=0 \ - --skip-ssl --ssl-cert='' --ssl-key='' --ssl-ca='' \ - & - declare -g MARIADB_PID - MARIADB_PID=$! - mysql_note "Waiting for server startup" - # only use the root password if the database has already been initialized - # so that it won't try to fill in a password file when it hasn't been set yet - extraArgs=() - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - extraArgs+=( '--dont-use-mysql-root-password' ) - fi - local i - for i in {30..0}; do - if docker_process_sql "${extraArgs[@]}" --database=mysql \ - --skip-ssl --skip-ssl-verify-server-cert \ - <<<'SELECT 1' &> /dev/null; then - break - fi - sleep 1 - done - if [ "$i" = 0 ]; then - mysql_error "Unable to start server." - fi -} - -# Stop the server. When using a local socket file mariadb-admin will block until -# the shutdown is complete. -docker_temp_server_stop() { - kill "$MARIADB_PID" - wait "$MARIADB_PID" -} - -# Verify that the minimally required password settings are set for new databases. -docker_verify_minimum_env() { - # Restoring from backup requires no environment variables - declare -g DATABASE_INIT_FROM_BACKUP - for file in /docker-entrypoint-initdb.d/*.tar{.gz,.xz,.zst}; do - if [ -f "${file}" ]; then - DATABASE_INIT_FROM_BACKUP='true' - return - fi - done - if [ -z "$MARIADB_ROOT_PASSWORD" ] && [ -z "$MARIADB_ROOT_PASSWORD_HASH" ] && [ -z "$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" ] && [ -z "$MARIADB_RANDOM_ROOT_PASSWORD" ]; then - mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MARIADB_ROOT_PASSWORD, MARIADB_ROOT_PASSWORD_HASH, MARIADB_ALLOW_EMPTY_ROOT_PASSWORD and MARIADB_RANDOM_ROOT_PASSWORD' - fi - # More preemptive exclusions of combinations should have been made before *PASSWORD_HASH was added, but for now we don't enforce due to compatibility. - if [ -n "$MARIADB_ROOT_PASSWORD" ] || [ -n "$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" ] || [ -n "$MARIADB_RANDOM_ROOT_PASSWORD" ] && [ -n "$MARIADB_ROOT_PASSWORD_HASH" ]; then - mysql_error "Cannot specify MARIADB_ROOT_PASSWORD_HASH and another MARIADB_ROOT_PASSWORD* option." - fi - if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then - mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option." - fi - if [ -n "$MARIADB_REPLICATION_USER" ]; then - if [ -z "$MARIADB_MASTER_HOST" ]; then - # its a master, we're creating a user - if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then - mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master" - fi - else - # its a replica - if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then - mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image." - fi - if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then - mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica" - fi - fi - fi - if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then - mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory." - fi -} - -# creates folders for the database -# also ensures permission for user mysql of run as root -docker_create_db_directories() { - local user; user="$(id -u)" - - # TODO other directories that are used by default? like /var/lib/mysql-files - # see https://github.com/docker-library/mysql/issues/562 - mkdir -p "$DATADIR" - - if [ "$user" = "0" ]; then - # this will cause less disk access than `chown -R` - find "$DATADIR" \! -user mysql \( -exec chown mysql: '{}' + -o -true \) - # See https://github.com/MariaDB/mariadb-docker/issues/363 - if [ "${SOCKET:0:1}" != '@' ]; then # not abstract sockets - find "${SOCKET%/*}" -maxdepth 0 \! -user mysql \( -exec chown mysql: '{}' \; -o -true \) - fi - - # memory.pressure - local cgroup; cgroup=$( "$DATADIR"/.my-healthcheck.cnf - $maskPreserve -} - -# Initializes database with timezone info and root password, plus optional extra db/user -docker_setup_db() { - # Load timezone info into database - if [ -z "$MARIADB_INITDB_SKIP_TZINFO" ]; then - # --skip-write-binlog usefully disables binary logging - # but also outputs LOCK TABLES to improve the IO of - # Aria (MDEV-23326) for 10.4+. - mariadb-tzinfo-to-sql --skip-write-binlog /usr/share/zoneinfo \ - | docker_process_sql --dont-use-mysql-root-password --database=mysql - # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet - fi - # Generate random root password - if [ -n "$MARIADB_RANDOM_ROOT_PASSWORD" ]; then - MARIADB_ROOT_PASSWORD="$(pwgen --numerals --capitalize --symbols --remove-chars="'\\" -1 32)" - export MARIADB_ROOT_PASSWORD MYSQL_ROOT_PASSWORD=$MARIADB_ROOT_PASSWORD - mysql_note "GENERATED ROOT PASSWORD: $MARIADB_ROOT_PASSWORD" - fi - - # Creates root users for non-localhost hosts - local rootCreate= - local rootPasswordEscaped= - if [ -n "$MARIADB_ROOT_PASSWORD" ]; then - # Sets root password and creates root users for non-localhost hosts - rootPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_ROOT_PASSWORD}") - fi - - # default root to listen for connections from anywhere - if [ -n "$MARIADB_ROOT_HOST" ] && [ "$MARIADB_ROOT_HOST" != 'localhost' ]; then - # ref "read -d ''", no, we don't care if read finds a terminating character in this heredoc - # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 - if [ -n "$MARIADB_ROOT_PASSWORD_HASH" ]; then - read -r -d '' rootCreate <<-EOSQL || true - CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY PASSWORD '${MARIADB_ROOT_PASSWORD_HASH}' ; - GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ; - GRANT PROXY ON ''@'%' TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION; - EOSQL - else - read -r -d '' rootCreate <<-EOSQL || true - CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY '${rootPasswordEscaped}' ; - GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ; - GRANT PROXY ON ''@'%' TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION; - EOSQL - fi - fi - - local mysqlAtLocalhost= - local mysqlAtLocalhostGrants= - # Install mysql@localhost user - if [ -n "$MARIADB_MYSQL_LOCALHOST_USER" ]; then - read -r -d '' mysqlAtLocalhost <<-EOSQL || true - CREATE USER mysql@localhost IDENTIFIED VIA unix_socket; - EOSQL - if [ -n "$MARIADB_MYSQL_LOCALHOST_GRANTS" ]; then - if [ "$MARIADB_MYSQL_LOCALHOST_GRANTS" != USAGE ]; then - mysql_warn "Excessive privileges ON *.* TO mysql@localhost facilitates risks to the confidentiality, integrity and availability of data stored" - fi - mysqlAtLocalhostGrants="GRANT ${MARIADB_MYSQL_LOCALHOST_GRANTS} ON *.* TO mysql@localhost;"; - fi - fi - - local createHealthCheckUsers - createHealthCheckUsers=$(create_healthcheck_users) - - local rootLocalhostPass= - if [ -z "$MARIADB_ROOT_PASSWORD_HASH" ]; then - # handle MARIADB_ROOT_PASSWORD_HASH for root@localhost after /docker-entrypoint-initdb.d - rootLocalhostPass="SET PASSWORD FOR 'root'@'localhost'= PASSWORD('${rootPasswordEscaped}');" - fi - - local createDatabase= - # Creates a custom database and user if specified - if [ -n "$MARIADB_DATABASE" ]; then - mysql_note "Creating database ${MARIADB_DATABASE}" - createDatabase="CREATE DATABASE IF NOT EXISTS \`$MARIADB_DATABASE\`;" - fi - - local createUser= - local userGrants= - if [ -n "$MARIADB_PASSWORD" ] || [ -n "$MARIADB_PASSWORD_HASH" ] && [ -n "$MARIADB_USER" ]; then - mysql_note "Creating user ${MARIADB_USER}" - if [ -n "$MARIADB_PASSWORD_HASH" ]; then - createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_PASSWORD_HASH';" - else - # SQL escape the user password, \ followed by ' - local userPasswordEscaped - userPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_PASSWORD}") - createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';" - fi - - if [ -n "$MARIADB_DATABASE" ]; then - mysql_note "Giving user ${MARIADB_USER} access to schema ${MARIADB_DATABASE}" - userGrants="GRANT ALL ON \`${MARIADB_DATABASE//_/\\_}\`.* TO '$MARIADB_USER'@'%';" - fi - fi - - # To create replica user - local createReplicaUser= - local changeMasterTo= - if [ -n "$MARIADB_REPLICATION_USER" ] ; then - if [ -z "$MARIADB_MASTER_HOST" ]; then - # on master - mysql_note "Creating user ${MARIADB_REPLICATION_USER}" - createReplicaUser=$(create_replica_user) - else - # on replica - local rplPasswordEscaped - rplPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}") - # SC cannot follow how MARIADB_MASTER_PORT is assigned a default value. - # shellcheck disable=SC2153 - changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;" - fi - fi - - mysql_note "Securing system users (equivalent to running mysql_secure_installation)" - # tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set - # --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding. - docker_process_sql --dont-use-mysql-root-password --database=mysql --binary-mode <<-EOSQL - -- Securing system users shouldn't be replicated - SET @orig_sql_log_bin= @@SESSION.SQL_LOG_BIN; - SET @@SESSION.SQL_LOG_BIN=0; - -- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set - SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', ''); - - DROP USER IF EXISTS root@'127.0.0.1', root@'::1'; - EXECUTE IMMEDIATE CONCAT('DROP USER IF EXISTS root@\'', @@hostname,'\''); - - ${rootLocalhostPass} - ${rootCreate} - ${mysqlAtLocalhost} - ${mysqlAtLocalhostGrants} - ${createHealthCheckUsers} - -- end of securing system users, rest of init now... - SET @@SESSION.SQL_LOG_BIN=@orig_sql_log_bin; - -- create users/databases - ${createDatabase} - ${createUser} - ${createReplicaUser} - ${userGrants} - - ${changeMasterTo} - EOSQL -} - -# create a new installation -docker_mariadb_init() -{ - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - if [ -n "$DATABASE_INIT_FROM_BACKUP" ]; then - shopt -s dotglob - for file in /docker-entrypoint-initdb.d/*.tar{.gz,.xz,.zst}; do - mkdir -p "$DATADIR"/.init - tar --auto-compress --extract --file "$file" --directory="$DATADIR"/.init - mariadb-backup --target-dir="$DATADIR"/.init --datadir="$DATADIR"/.restore --move-back - - mv "$DATADIR"/.restore/** "$DATADIR"/ - if [ -f "$DATADIR/.init/backup-my.cnf" ]; then - mv "$DATADIR/.init/backup-my.cnf" "$DATADIR/.my.cnf" - mysql_note "Adding startup configuration:" - my_print_defaults --defaults-file="$DATADIR/.my.cnf" --mariadbd - fi - rm -rf "$DATADIR"/.init "$DATADIR"/.restore - if [ "$(id -u)" = "0" ]; then - # this will cause less disk access than `chown -R` - find "$DATADIR" \! -user mysql \( -exec chown mysql: '{}' + -o -true \) - fi - done - if _check_if_upgrade_is_needed; then - docker_mariadb_upgrade "$@" - fi - return - fi - docker_init_database_dir "$@" - - mysql_note "Starting temporary server" - docker_temp_server_start "$@" - mysql_note "Temporary server started." - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - # Wait until after /docker-entrypoint-initdb.d is performed before setting - # root@localhost password to a hash we don't know the password for. - if [ -n "${MARIADB_ROOT_PASSWORD_HASH}" ]; then - mysql_note "Setting root@localhost password hash" - docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL - SET @@SESSION.SQL_LOG_BIN=0; - SET PASSWORD FOR 'root'@'localhost'= '${MARIADB_ROOT_PASSWORD_HASH}'; - EOSQL - fi - - mysql_note "Stopping temporary server" - docker_temp_server_stop - mysql_note "Temporary server stopped" - - echo - mysql_note "MariaDB init process done. Ready for start up." - echo -} - -# backup the mysql database -docker_mariadb_backup_system() -{ - if [ -n "$MARIADB_DISABLE_UPGRADE_BACKUP" ] \ - && [ "$MARIADB_DISABLE_UPGRADE_BACKUP" = 1 ]; then - mysql_note "MariaDB upgrade backup disabled due to \$MARIADB_DISABLE_UPGRADE_BACKUP=1 setting" - return - fi - local backup_db="system_mysql_backup_unknown_version.sql.zst" - local oldfullversion="unknown_version" - if [ -r "$DATADIR"/mariadb_upgrade_info ]; then - read -r -d '' oldfullversion < "$DATADIR"/mariadb_upgrade_info || true - if [ -n "$oldfullversion" ]; then - backup_db="system_mysql_backup_${oldfullversion}.sql.zst" - fi - fi - - mysql_note "Backing up system database to $backup_db" - if ! mariadb-dump --skip-lock-tables --replace --databases mysql --socket="${SOCKET}" | zstd > "${DATADIR}/${backup_db}"; then - mysql_error "Unable backup system database for upgrade from $oldfullversion." - fi - mysql_note "Backing up complete" -} - -# perform mariadb-upgrade -# backup the mysql database if this is a major upgrade -docker_mariadb_upgrade() { - if [ -z "$MARIADB_AUTO_UPGRADE" ] \ - || [ "$MARIADB_AUTO_UPGRADE" = 0 ]; then - mysql_note "MariaDB upgrade (mariadb-upgrade or creating healthcheck users) required, but skipped due to \$MARIADB_AUTO_UPGRADE setting" - return - fi - mysql_note "Starting temporary server" - docker_temp_server_start "$@" --skip-grant-tables \ - --loose-innodb_buffer_pool_dump_at_shutdown=0 - mysql_note "Temporary server started." - - docker_mariadb_backup_system - - if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then - mysql_note "Creating healthcheck users" - local createHealthCheckUsers - createHealthCheckUsers=$(create_healthcheck_users) - docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL - -- Healthcheck users shouldn't be replicated - SET @@SESSION.SQL_LOG_BIN=0; - -- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set - SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', ''); - FLUSH PRIVILEGES; - $createHealthCheckUsers -EOSQL - mysql_note "Stopping temporary server" - docker_temp_server_stop - mysql_note "Temporary server stopped" - - if _check_if_upgrade_is_needed; then - # need a restart as FLUSH PRIVILEGES isn't reversable - mysql_note "Restarting temporary server for upgrade" - docker_temp_server_start "$@" --skip-grant-tables \ - --loose-innodb_buffer_pool_dump_at_shutdown=0 - else - return 0 - fi - fi - - mysql_note "Starting mariadb-upgrade" - mariadb-upgrade --upgrade-system-tables - mysql_note "Finished mariadb-upgrade" - - mysql_note "Stopping temporary server" - docker_temp_server_stop - mysql_note "Temporary server stopped" -} - - -_check_if_upgrade_is_needed() { - if [ ! -f "$DATADIR"/mariadb_upgrade_info ]; then - mysql_note "MariaDB upgrade information missing, assuming required" - return 0 - fi - local mariadbVersion - mariadbVersion="$(_mariadb_version)" - IFS='.-' read -ra newversion <<<"$mariadbVersion" - IFS='.-' read -ra oldversion < "$DATADIR"/mariadb_upgrade_info || true - - if [[ ${#newversion[@]} -lt 2 ]] || [[ ${#oldversion[@]} -lt 2 ]] \ - || [[ ${oldversion[0]} -lt ${newversion[0]} ]] \ - || [[ ${oldversion[0]} -eq ${newversion[0]} && ${oldversion[1]} -lt ${newversion[1]} ]]; then - return 0 - fi - if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then - mysql_note "MariaDB heathcheck configation file missing, assuming desirable" - return 0 - fi - mysql_note "MariaDB upgrade not required" - return 1 -} - -# check arguments for an option that would cause mariadbd to stop -# return true if there is one -_mysql_want_help() { - local arg - for arg; do - case "$arg" in - -'?'|--help|--print-defaults|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if command starts with an option, prepend mariadbd - if [ "${1:0:1}" = '-' ]; then - set -- mariadbd "$@" - fi - - #ENDOFSUBSTITUTIONS - # skip setup if they aren't running mysqld or want an option that stops mysqld - if [ "$1" = 'mariadbd' ] || [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then - mysql_note "Entrypoint script for MariaDB Server ${MARIADB_VERSION} started." - - mysql_check_config "$@" - # Load various environment variables - docker_setup_env "$@" - docker_create_db_directories - - # If container is started as root user, restart as dedicated mysql user - if [ "$(id -u)" = "0" ]; then - mysql_note "Switching to dedicated user 'mysql'" - exec gosu mysql "${BASH_SOURCE[0]}" "$@" - fi - - # there's no database, so it needs to be initialized - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - docker_mariadb_init "$@" - # MDEV-27636 mariadb_upgrade --check-if-upgrade-is-needed cannot be run offline - #elif mariadb-upgrade --check-if-upgrade-is-needed; then - elif _check_if_upgrade_is_needed; then - docker_mariadb_upgrade "$@" - fi - fi - exec "$@" -} - -# If we are sourced from elsewhere, don't perform any further actions -if ! _is_sourced; then - _main "$@" -fi diff --git a/11.5-ubi/docker.cnf b/11.5-ubi/docker.cnf deleted file mode 100644 index 844c2cfb..00000000 --- a/11.5-ubi/docker.cnf +++ /dev/null @@ -1,15 +0,0 @@ -# Ubuntu container compatibility - -[mariadb] -host-cache-size=0 -skip-name-resolve - -expire_logs_days=10 -character-set-server=utf8mb4 - - -[client-server] -socket=/run/mariadb/mariadb.sock - -!includedir /etc/mysql/mariadb.conf.d -!includedir /etc/mysql/conf.d diff --git a/11.5-ubi/healthcheck.sh b/11.5-ubi/healthcheck.sh deleted file mode 100755 index 62be3459..00000000 --- a/11.5-ubi/healthcheck.sh +++ /dev/null @@ -1,395 +0,0 @@ -#!/bin/bash -# -# Healthcheck script for MariaDB -# -# Runs various tests on the MariaDB server to check its health. Pass the tests -# to run as arguments. If all tests succeed, the server is considered healthy, -# otherwise it's not. -# -# Arguments are processed in strict order. Set replication_* options before -# the --replication option. This allows a different set of replication checks -# on different connections. -# -# --su{=|-mysql} is option to run the healthcheck as a different unix user. -# Useful if mysql@localhost user exists with unix socket authentication -# Using this option disregards previous options set, so should usually be the -# first option. -# -# Some tests require SQL privileges. -# -# TEST MINIMUM GRANTS REQUIRED -# connect none* -# innodb_initialized USAGE -# innodb_buffer_pool_loaded USAGE -# galera_online USAGE -# galera_ready USAGE -# replication REPLICATION_CLIENT (<10.5)or REPLICA MONITOR (10.5+) -# mariadbupgrade none, however unix user permissions on datadir -# -# The SQL user used is the default for the mariadb client. This can be the unix user -# if no user(or password) is set in the [mariadb-client] section of a configuration -# file. --defaults-{file,extra-file,group-suffix} can specify a file/configuration -# different from elsewhere. -# -# Note * though denied error message will result in error log without -# any permissions. USAGE recommend to avoid this. - -set -eo pipefail - -_process_sql() -{ - mariadb ${nodefaults:+--no-defaults} \ - ${def['file']:+--defaults-file=${def['file']}} \ - ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ - ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - --skip-ssl --skip-ssl-verify-server-cert \ - --protocol socket \ - -B "$@" -} - -# TESTS - - -# CONNECT -# -# Tests that a connection can be made over TCP, the final state -# of the entrypoint and is listening. The authentication used -# isn't tested. -connect() -{ - local s - # short cut mechanism, to work with --require-secure-transport - s=$(_process_sql --skip-column-names -e 'select @@skip_networking') - case "$s" in - 0|1) - connect_s=$s - return "$s"; - ;; - esac - # falling back to tcp if there wasn't a connection answer. - s=$(mariadb ${nodefaults:+--no-defaults} \ - ${def['file']:+--defaults-file=${def['file']}} \ - ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ - ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp \ - --skip-column-names --batch --skip-print-query-on-error \ - -e 'select @@skip_networking' 2>&1) - - case "$s" in - 1) # skip-networking=1 (no network) - ;& - ERROR\ 2002\ \(HY000\):*) - # cannot connect - connect_s=1 - ;; - 0) # skip-networking=0 - ;& - ERROR\ 1820\ \(HY000\)*) # password expire - ;& - ERROR\ 4151\ \(HY000\):*) # account locked - ;& - ERROR\ 1226\ \(42000\)*) # resource limit exceeded - ;& - ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) - # grep access denied and other 28000 client errors - we did connect - connect_s=0 - ;; - *) - >&2 echo "Unknown error $s" - connect_s=1 - ;; - esac - return $connect_s -} - -# INNODB_INITIALIZED -# -# This tests that the crash recovery of InnoDB has completed -# along with all the other things required to make it to a healthy -# operational state. Note this may return true in the early -# states of initialization. Use with a connect test to avoid -# these false positives. -innodb_initialized() -{ - local s - s=$(_process_sql --skip-column-names -e "select 1 from information_schema.ENGINES WHERE engine='innodb' AND support in ('YES', 'DEFAULT', 'ENABLED')") - [ "$s" == 1 ] -} - -# INNODB_BUFFER_POOL_LOADED -# -# Tests the load of the innodb buffer pool as been complete -# implies innodb_buffer_pool_load_at_startup=1 (default), or if -# manually SET innodb_buffer_pool_load_now=1 -innodb_buffer_pool_loaded() -{ - local s - s=$(_process_sql --skip-column-names -e "select VARIABLE_VALUE from information_schema.GLOBAL_STATUS WHERE VARIABLE_NAME='Innodb_buffer_pool_load_status'") - if [[ $s =~ 'load completed' ]]; then - return 0 - fi - return 1 -} - -# GALERA_ONLINE -# -# Tests that the galera node is in the SYNCed state -galera_online() -{ - local s - s=$(_process_sql --skip-column-names -e "select VARIABLE_VALUE from information_schema.GLOBAL_STATUS WHERE VARIABLE_NAME='WSREP_LOCAL_STATE'") - # 4 from https://galeracluster.com/library/documentation/node-states.html#node-state-changes - # not https://xkcd.com/221/ - if [[ $s -eq 4 ]]; then - return 0 - fi - return 1 -} - -# GALERA_READY -# -# Tests that the Galera provider is ready. -galera_ready() -{ - local s - s=$(_process_sql --skip-column-names -e "select VARIABLE_VALUE from information_schema.GLOBAL_STATUS WHERE VARIABLE_NAME='WSREP_READY'") - if [ "$s" = "ON" ]; then - return 0 - fi - return 1 -} - -# REPLICATION -# -# Tests the replication has the required set of functions: -# --replication_all -> Checks all replication sources -# --replication_name=n -> sets the multisource connection name tested -# --replication_io -> IO thread is running -# --replication_sql -> SQL thread is running -# --replication_seconds_behind_master=n -> less than or equal this seconds of delay -# --replication_sql_remaining_delay=n -> less than or equal this seconds of remaining delay -# (ref: https://mariadb.com/kb/en/delayed-replication/) -replication() -{ - # SHOW REPLICA available 10.5+ - # https://github.com/koalaman/shellcheck/issues/2383 - # shellcheck disable=SC2016,SC2026 - _process_sql -e "SHOW ${repl['all']:+all} REPLICA${repl['all']:+S} ${repl['name']:+'${repl['name']}'} STATUS\G" | \ - { - # required for trim of leading space. - shopt -s extglob - # Row header - read -t 5 -r - # read timeout - [ $? -gt 128 ] && return 1 - while IFS=":" read -t 1 -r n v; do - # Trim leading space - n=${n##+([[:space:]])} - # Leading space on all values by the \G format needs to be trimmed. - v=${v:1} - case "$n" in - Slave_IO_Running) - if [ -n "${repl['io']}" ] && [ "$v" = 'No' ]; then - return 1 - fi - ;; - Slave_SQL_Running) - if [ -n "${repl['sql']}" ] && [ "$v" = 'No' ]; then - return 1 - fi - ;; - Seconds_Behind_Master) - # A NULL value is the IO thread not running: - if [ -n "${repl['seconds_behind_master']}" ] && - { [ "$v" = NULL ] || - (( "${repl['seconds_behind_master']}" < "$v" )); }; then - return 1 - fi - ;; - SQL_Remaining_Delay) - # Unlike Seconds_Behind_Master, sql_remaining_delay will hit NULL - # once replication is caught up - https://mariadb.com/kb/en/delayed-replication/ - if [ -n "${repl['sql_remaining_delay']}" ] && - [ "$v" != NULL ] && - (( "${repl['sql_remaining_delay']}" < "$v" )); then - return 1 - fi - ;; - esac - done - # read timeout - [ $? -gt 128 ] && return 1 - return 0 - } - # reachable in command not found(?) - # shellcheck disable=SC2317 - return $? -} - -# mariadbupgrade -# -# Test the lock on the file $datadir/mariadb_upgrade_info -# https://jira.mariadb.org/browse/MDEV-27068 -mariadbupgrade() -{ - local f="$datadir/mariadb_upgrade_info" - if [ -r "$f" ]; then - flock --exclusive --nonblock -n 9 9<"$f" - return $? - fi - return 0 -} - - -# MAIN - -if [ $# -eq 0 ]; then - echo "At least one argument required" >&2 - exit 1 -fi - -#ENDOFSUBSTITUTIONS -# Marks the end of mysql -> mariadb name changes in 10.6+ -# Global variables used by tests -declare -A repl -declare -A def -nodefaults= -connect_s= -datadir=/var/lib/mysql -if [ -f $datadir/.my-healthcheck.cnf ]; then - def['extra_file']=$datadir/.my-healthcheck.cnf -fi - -_repl_param_check() -{ - case "$1" in - seconds_behind_master) ;& - sql_remaining_delay) - if [ -z "${repl['io']}" ]; then - repl['io']=1 - echo "Forcing --replication_io=1, $1 requires IO thread to be running" >&2 - fi - ;; - all) - if [ -n "${repl['name']}" ]; then - unset 'repl[name]' - echo "Option --replication_all incompatible with specified source --replication_name, clearing replication_name" >&2 - fi - ;; - name) - if [ -n "${repl['all']}" ]; then - unset 'repl[all]' - echo "Option --replication_name incompatible with --replication_all, clearing replication_all" >&2 - fi - ;; - esac -} - -_test_exists() { - declare -F "$1" > /dev/null - return $? -} - -while [ $# -gt 0 ]; do - case "$1" in - --su=*) - u="${1#*=}" - shift - exec gosu "${u}" "${BASH_SOURCE[0]}" "$@" - ;; - --su) - shift - u=$1 - shift - exec gosu "$u" "${BASH_SOURCE[0]}" "$@" - ;; - --su-mysql) - shift - exec gosu mysql "${BASH_SOURCE[0]}" "$@" - ;; - --replication_*=*) - # Change the n to what is between _ and = and make lower case - n=${1#*_} - n=${n%%=*} - n=${n,,*} - # v is after the = - v=${1#*=} - repl[$n]=$v - _repl_param_check "$n" - ;; - --replication_*) - # Without =, look for a non --option next as the value, - # otherwise treat it as an "enable", just equate to 1. - # Clearing option is possible with "--replication_X=" - n=${1#*_} - n=${n,,*} - if [ "${2:0:2}" == '--' ]; then - repl[$n]=1 - else - repl[$n]=$2 - shift - fi - _repl_param_check "$n" - ;; - --datadir=*) - datadir=${1#*=} - ;; - --datadir) - shift - datadir=${1} - ;; - --no-defaults) - def=() - nodefaults=1 - ;; - --defaults-file=*|--defaults-extra-file=*|--defaults-group-suffix=*) - n=${1:11} # length --defaults- - n=${n%%=*} - n=${n//-/_} - # v is after the = - v=${1#*=} - def[$n]=$v - nodefaults= - ;; - --defaults-file|--defaults-extra-file|--defaults-group-suffix) - n=${1:11} # length --defaults- - n=${n//-/_} - if [ "${2:0:2}" == '--' ]; then - def[$n]="" - else - def[$n]=$2 - shift - fi - nodefaults= - ;; - --no-connect) - # used for /docker-entrypoint-initdb.d scripts - # where you definately don't want a connection test - connect_s=0 - ;; - --*) - test=${1#--} - ;; - *) - echo "Unknown healthcheck option $1" >&2 - exit 1 - esac - if [ -n "$test" ]; then - if ! _test_exists "$test" ; then - echo "healthcheck unknown option or test '$test'" >&2 - exit 1 - elif ! "$test"; then - echo "healthcheck $test failed" >&2 - exit 1 - fi - test= - fi - shift -done -if [ "$connect_s" != "0" ]; then - # we didn't pass a connnect test, so the current success status is suspicious - # return what connect thinks. - connect - exit $? -fi diff --git a/11.5/Dockerfile b/11.5/Dockerfile deleted file mode 100644 index a7f1aa06..00000000 --- a/11.5/Dockerfile +++ /dev/null @@ -1,142 +0,0 @@ -# vim:set ft=dockerfile: -FROM ubuntu:noble - -# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added -RUN groupadd -r mysql && useradd -r -g mysql mysql --home-dir /var/lib/mysql && userdel --remove ubuntu - -# add gosu for easy step-down from root -# https://github.com/tianon/gosu/releases -# gosu key is B42F6819007F00F88E364FD4036A9C25BF357DD4 -ENV GOSU_VERSION 1.17 - -ARG GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 -# pub rsa4096 2016-03-30 [SC] -# 177F 4010 FE56 CA33 3630 0305 F165 6F24 C74C D1D8 -# uid [ unknown] MariaDB Signing Key -# sub rsa4096 2016-03-30 [E] -# install "libjemalloc2" as it offers better performance in some cases. Use with LD_PRELOAD -# install "pwgen" for randomizing passwords -# install "tzdata" for /usr/share/zoneinfo/ -# install "xz-utils" for .sql.xz docker-entrypoint-initdb.d files -# install "zstd" for .sql.zst docker-entrypoint-initdb.d files -# hadolint ignore=SC2086 -RUN set -eux; \ - apt-get update; \ - DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ - ca-certificates \ - gpg \ - gpgv \ - libjemalloc2 \ - pwgen \ - tzdata \ - xz-utils \ - zstd ; \ - savedAptMark="$(apt-mark showmanual)"; \ - apt-get install -y --no-install-recommends \ - dirmngr \ - gpg-agent \ - wget; \ - rm -rf /var/lib/apt/lists/*; \ - dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ - wget -q -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ - wget -q -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ - GNUPGHOME="$(mktemp -d)"; \ - export GNUPGHOME; \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ - for key in $GPG_KEYS; do \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ - done; \ - gpg --batch --export "$GPG_KEYS" > /etc/apt/trusted.gpg.d/mariadb.gpg; \ - if command -v gpgconf >/dev/null; then \ - gpgconf --kill all; \ - fi; \ - gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ - gpgconf --kill all; \ - rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc; \ - apt-mark auto '.*' > /dev/null; \ - [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark >/dev/null; \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ - chmod +x /usr/local/bin/gosu; \ - gosu --version; \ - gosu nobody true - -RUN mkdir /docker-entrypoint-initdb.d - -# Ensure the container exec commands handle range of utf8 characters based of -# default locales in base image (https://github.com/docker-library/docs/blob/135b79cc8093ab02e55debb61fdb079ab2dbce87/ubuntu/README.md#locales) -ENV LANG C.UTF-8 - -# OCI annotations to image -LABEL org.opencontainers.image.authors="MariaDB Community" \ - org.opencontainers.image.title="MariaDB Database" \ - org.opencontainers.image.description="MariaDB Database for relational SQL" \ - org.opencontainers.image.documentation="https://hub.docker.com/_/mariadb/" \ - org.opencontainers.image.base.name="docker.io/library/ubuntu:noble" \ - org.opencontainers.image.licenses="GPL-2.0" \ - org.opencontainers.image.source="https://github.com/MariaDB/mariadb-docker" \ - org.opencontainers.image.vendor="MariaDB Community" \ - org.opencontainers.image.version="11.5.2" \ - org.opencontainers.image.url="https://github.com/MariaDB/mariadb-docker" - -# bashbrew-architectures: amd64 arm64v8 ppc64le s390x -ARG MARIADB_VERSION=1:11.5.2+maria~ubu2404 -ENV MARIADB_VERSION $MARIADB_VERSION -# release-status:Unknown -# release-support-type:Unknown -# (https://downloads.mariadb.org/rest-api/mariadb/) - -# Allowing overriding of REPOSITORY, a URL that includes suite and component for testing and Enterprise Versions -ARG REPOSITORY="http://archive.mariadb.org/mariadb-11.5.2/repo/ubuntu/ noble main main/debug" - -RUN set -e;\ - echo "deb ${REPOSITORY}" > /etc/apt/sources.list.d/mariadb.list; \ - { \ - echo 'Package: *'; \ - echo 'Pin: release o=MariaDB'; \ - echo 'Pin-Priority: 999'; \ - } > /etc/apt/preferences.d/mariadb -# add repository pinning to make sure dependencies from this MariaDB repo are preferred over Debian dependencies -# libmariadbclient18 : Depends: libmysqlclient18 (= 5.5.42+maria-1~wheezy) but 5.5.43-0+deb7u1 is to be installed - -# the "/var/lib/mysql" stuff here is because the mysql-server postinst doesn't have an explicit way to disable the mysql_install_db codepath besides having a database already "configured" (ie, stuff in /var/lib/mysql/mysql) -# also, we set debconf keys to make APT a little quieter -# hadolint ignore=DL3015 -RUN set -ex; \ - { \ - echo "mariadb-server" mysql-server/root_password password 'unused'; \ - echo "mariadb-server" mysql-server/root_password_again password 'unused'; \ - } | debconf-set-selections; \ - apt-get update; \ -# postinst script creates a datadir, so avoid creating it by faking its existance. - mkdir -p /var/lib/mysql/mysql ; touch /var/lib/mysql/mysql/user.frm ; \ -# mariadb-backup is installed at the same time so that `mysql-common` is only installed once from just mariadb repos - apt-get install -y --no-install-recommends mariadb-server="$MARIADB_VERSION" mariadb-backup socat \ - ; \ - rm -rf /var/lib/apt/lists/*; \ -# purge and re-create /var/lib/mysql with appropriate ownership - rm -rf /var/lib/mysql; \ - mkdir -p /var/lib/mysql /run/mysqld; \ - chown -R mysql:mysql /var/lib/mysql /run/mysqld; \ -# ensure that /run/mysqld (used for socket and lock files) is writable regardless of the UID our mysqld instance ends up having at runtime - chmod 1777 /run/mysqld; \ -# comment out a few problematic configuration values - find /etc/mysql/ -name '*.cnf' -print0 \ - | xargs -0 grep -lZE '^(bind-address|log|user\s)' \ - | xargs -rt -0 sed -Ei 's/^(bind-address|log|user\s)/#&/'; \ -# don't reverse lookup hostnames, they are usually another container - printf "[mariadb]\nhost-cache-size=0\nskip-name-resolve\n" > /etc/mysql/mariadb.conf.d/05-skipcache.cnf; \ -# Issue #327 Correct order of reading directories /etc/mysql/mariadb.conf.d before /etc/mysql/conf.d (mount-point per documentation) - if [ -L /etc/mysql/my.cnf ]; then \ -# 10.5+ - sed -i -e '/includedir/ {N;s/\(.*\)\n\(.*\)/\n\2\n\1/}' /etc/mysql/mariadb.cnf; \ - fi - - -VOLUME /var/lib/mysql - -COPY healthcheck.sh /usr/local/bin/healthcheck.sh -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -EXPOSE 3306 -CMD ["mariadbd"] diff --git a/11.5/docker-entrypoint.sh b/11.5/docker-entrypoint.sh deleted file mode 100755 index b562bfaa..00000000 --- a/11.5/docker-entrypoint.sh +++ /dev/null @@ -1,718 +0,0 @@ -#!/bin/bash -set -eo pipefail -shopt -s nullglob - -# logging functions -mysql_log() { - local type="$1"; shift - printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*" -} -mysql_note() { - mysql_log Note "$@" -} -mysql_warn() { - mysql_log Warn "$@" >&2 -} -mysql_error() { - mysql_log ERROR "$@" >&2 - exit 1 -} - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - mysql_error "Both $var and $fileVar are set (but are exclusive)" - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# set MARIADB_xyz from MYSQL_xyz when MARIADB_xyz is unset -# and make them the same value (so user scripts can use either) -_mariadb_file_env() { - local var="$1"; shift - local maria="MARIADB_${var#MYSQL_}" - file_env "$var" "$@" - file_env "$maria" "${!var}" - if [ "${!maria:-}" ]; then - export "$var"="${!maria}" - fi -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions -docker_process_init_files() { - # mysql here for backwards compatibility "${mysql[@]}" - # ShellCheck: mysql appears unused. Verify use (or export if used externally) - # shellcheck disable=SC2034 - mysql=( docker_process_sql ) - - echo - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - mysql_note "$0: running $f" - "$f" - else - mysql_note "$0: sourcing $f" - # ShellCheck can't follow non-constant source. Use a directive to specify location. - # shellcheck disable=SC1090 - . "$f" - fi - ;; - *.sql) mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;; - *.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;; - *.sql.xz) mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;; - *.sql.zst) mysql_note "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;; - *) mysql_warn "$0: ignoring $f" ;; - esac - echo - done -} - -# arguments necessary to run "mariadbd --verbose --help" successfully (used for testing configuration validity and for extracting default/configured values) -_verboseHelpArgs=( - --verbose --help -) - -mysql_check_config() { - local toRun=( "$@" "${_verboseHelpArgs[@]}" ) errors - if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then - mysql_error $'mariadbd failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors" - fi -} - -# Fetch value from server config -# We use mariadbd --verbose --help instead of my_print_defaults because the -# latter only show values present in config files, and not server defaults -mysql_get_config() { - local conf="$1"; shift - "$@" "${_verboseHelpArgs[@]}" 2>/dev/null \ - | awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }' - # match "datadir /some/path with/spaces in/it here" but not "--xyz=abc\n datadir (xyz)" -} - -# Do a temporary startup of the MariaDB server, for init purposes -docker_temp_server_start() { - "$@" --skip-networking --default-time-zone=SYSTEM --socket="${SOCKET}" --wsrep_on=OFF \ - --expire-logs-days=0 \ - --skip-slave-start \ - --loose-innodb_buffer_pool_load_at_startup=0 \ - --skip-ssl --ssl-cert='' --ssl-key='' --ssl-ca='' \ - & - declare -g MARIADB_PID - MARIADB_PID=$! - mysql_note "Waiting for server startup" - # only use the root password if the database has already been initialized - # so that it won't try to fill in a password file when it hasn't been set yet - extraArgs=() - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - extraArgs+=( '--dont-use-mysql-root-password' ) - fi - local i - for i in {30..0}; do - if docker_process_sql "${extraArgs[@]}" --database=mysql \ - --skip-ssl --skip-ssl-verify-server-cert \ - <<<'SELECT 1' &> /dev/null; then - break - fi - sleep 1 - done - if [ "$i" = 0 ]; then - mysql_error "Unable to start server." - fi -} - -# Stop the server. When using a local socket file mariadb-admin will block until -# the shutdown is complete. -docker_temp_server_stop() { - kill "$MARIADB_PID" - wait "$MARIADB_PID" -} - -# Verify that the minimally required password settings are set for new databases. -docker_verify_minimum_env() { - # Restoring from backup requires no environment variables - declare -g DATABASE_INIT_FROM_BACKUP - for file in /docker-entrypoint-initdb.d/*.tar{.gz,.xz,.zst}; do - if [ -f "${file}" ]; then - DATABASE_INIT_FROM_BACKUP='true' - return - fi - done - if [ -z "$MARIADB_ROOT_PASSWORD" ] && [ -z "$MARIADB_ROOT_PASSWORD_HASH" ] && [ -z "$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" ] && [ -z "$MARIADB_RANDOM_ROOT_PASSWORD" ]; then - mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MARIADB_ROOT_PASSWORD, MARIADB_ROOT_PASSWORD_HASH, MARIADB_ALLOW_EMPTY_ROOT_PASSWORD and MARIADB_RANDOM_ROOT_PASSWORD' - fi - # More preemptive exclusions of combinations should have been made before *PASSWORD_HASH was added, but for now we don't enforce due to compatibility. - if [ -n "$MARIADB_ROOT_PASSWORD" ] || [ -n "$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" ] || [ -n "$MARIADB_RANDOM_ROOT_PASSWORD" ] && [ -n "$MARIADB_ROOT_PASSWORD_HASH" ]; then - mysql_error "Cannot specify MARIADB_ROOT_PASSWORD_HASH and another MARIADB_ROOT_PASSWORD* option." - fi - if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then - mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option." - fi - if [ -n "$MARIADB_REPLICATION_USER" ]; then - if [ -z "$MARIADB_MASTER_HOST" ]; then - # its a master, we're creating a user - if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then - mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master" - fi - else - # its a replica - if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then - mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image." - fi - if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then - mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica" - fi - fi - fi - if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then - mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory." - fi -} - -# creates folders for the database -# also ensures permission for user mysql of run as root -docker_create_db_directories() { - local user; user="$(id -u)" - - # TODO other directories that are used by default? like /var/lib/mysql-files - # see https://github.com/docker-library/mysql/issues/562 - mkdir -p "$DATADIR" - - if [ "$user" = "0" ]; then - # this will cause less disk access than `chown -R` - find "$DATADIR" \! -user mysql \( -exec chown mysql: '{}' + -o -true \) - # See https://github.com/MariaDB/mariadb-docker/issues/363 - if [ "${SOCKET:0:1}" != '@' ]; then # not abstract sockets - find "${SOCKET%/*}" -maxdepth 0 \! -user mysql \( -exec chown mysql: '{}' \; -o -true \) - fi - - # memory.pressure - local cgroup; cgroup=$( "$DATADIR"/.my-healthcheck.cnf - $maskPreserve -} - -# Initializes database with timezone info and root password, plus optional extra db/user -docker_setup_db() { - # Load timezone info into database - if [ -z "$MARIADB_INITDB_SKIP_TZINFO" ]; then - # --skip-write-binlog usefully disables binary logging - # but also outputs LOCK TABLES to improve the IO of - # Aria (MDEV-23326) for 10.4+. - mariadb-tzinfo-to-sql --skip-write-binlog /usr/share/zoneinfo \ - | docker_process_sql --dont-use-mysql-root-password --database=mysql - # tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet - fi - # Generate random root password - if [ -n "$MARIADB_RANDOM_ROOT_PASSWORD" ]; then - MARIADB_ROOT_PASSWORD="$(pwgen --numerals --capitalize --symbols --remove-chars="'\\" -1 32)" - export MARIADB_ROOT_PASSWORD MYSQL_ROOT_PASSWORD=$MARIADB_ROOT_PASSWORD - mysql_note "GENERATED ROOT PASSWORD: $MARIADB_ROOT_PASSWORD" - fi - - # Creates root users for non-localhost hosts - local rootCreate= - local rootPasswordEscaped= - if [ -n "$MARIADB_ROOT_PASSWORD" ]; then - # Sets root password and creates root users for non-localhost hosts - rootPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_ROOT_PASSWORD}") - fi - - # default root to listen for connections from anywhere - if [ -n "$MARIADB_ROOT_HOST" ] && [ "$MARIADB_ROOT_HOST" != 'localhost' ]; then - # ref "read -d ''", no, we don't care if read finds a terminating character in this heredoc - # https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151 - if [ -n "$MARIADB_ROOT_PASSWORD_HASH" ]; then - read -r -d '' rootCreate <<-EOSQL || true - CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY PASSWORD '${MARIADB_ROOT_PASSWORD_HASH}' ; - GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ; - GRANT PROXY ON ''@'%' TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION; - EOSQL - else - read -r -d '' rootCreate <<-EOSQL || true - CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY '${rootPasswordEscaped}' ; - GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ; - GRANT PROXY ON ''@'%' TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION; - EOSQL - fi - fi - - local mysqlAtLocalhost= - local mysqlAtLocalhostGrants= - # Install mysql@localhost user - if [ -n "$MARIADB_MYSQL_LOCALHOST_USER" ]; then - read -r -d '' mysqlAtLocalhost <<-EOSQL || true - CREATE USER mysql@localhost IDENTIFIED VIA unix_socket; - EOSQL - if [ -n "$MARIADB_MYSQL_LOCALHOST_GRANTS" ]; then - if [ "$MARIADB_MYSQL_LOCALHOST_GRANTS" != USAGE ]; then - mysql_warn "Excessive privileges ON *.* TO mysql@localhost facilitates risks to the confidentiality, integrity and availability of data stored" - fi - mysqlAtLocalhostGrants="GRANT ${MARIADB_MYSQL_LOCALHOST_GRANTS} ON *.* TO mysql@localhost;"; - fi - fi - - local createHealthCheckUsers - createHealthCheckUsers=$(create_healthcheck_users) - - local rootLocalhostPass= - if [ -z "$MARIADB_ROOT_PASSWORD_HASH" ]; then - # handle MARIADB_ROOT_PASSWORD_HASH for root@localhost after /docker-entrypoint-initdb.d - rootLocalhostPass="SET PASSWORD FOR 'root'@'localhost'= PASSWORD('${rootPasswordEscaped}');" - fi - - local createDatabase= - # Creates a custom database and user if specified - if [ -n "$MARIADB_DATABASE" ]; then - mysql_note "Creating database ${MARIADB_DATABASE}" - createDatabase="CREATE DATABASE IF NOT EXISTS \`$MARIADB_DATABASE\`;" - fi - - local createUser= - local userGrants= - if [ -n "$MARIADB_PASSWORD" ] || [ -n "$MARIADB_PASSWORD_HASH" ] && [ -n "$MARIADB_USER" ]; then - mysql_note "Creating user ${MARIADB_USER}" - if [ -n "$MARIADB_PASSWORD_HASH" ]; then - createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_PASSWORD_HASH';" - else - # SQL escape the user password, \ followed by ' - local userPasswordEscaped - userPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_PASSWORD}") - createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';" - fi - - if [ -n "$MARIADB_DATABASE" ]; then - mysql_note "Giving user ${MARIADB_USER} access to schema ${MARIADB_DATABASE}" - userGrants="GRANT ALL ON \`${MARIADB_DATABASE//_/\\_}\`.* TO '$MARIADB_USER'@'%';" - fi - fi - - # To create replica user - local createReplicaUser= - local changeMasterTo= - if [ -n "$MARIADB_REPLICATION_USER" ] ; then - if [ -z "$MARIADB_MASTER_HOST" ]; then - # on master - mysql_note "Creating user ${MARIADB_REPLICATION_USER}" - createReplicaUser=$(create_replica_user) - else - # on replica - local rplPasswordEscaped - rplPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}") - # SC cannot follow how MARIADB_MASTER_PORT is assigned a default value. - # shellcheck disable=SC2153 - changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;" - fi - fi - - mysql_note "Securing system users (equivalent to running mysql_secure_installation)" - # tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set - # --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding. - docker_process_sql --dont-use-mysql-root-password --database=mysql --binary-mode <<-EOSQL - -- Securing system users shouldn't be replicated - SET @orig_sql_log_bin= @@SESSION.SQL_LOG_BIN; - SET @@SESSION.SQL_LOG_BIN=0; - -- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set - SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', ''); - - DROP USER IF EXISTS root@'127.0.0.1', root@'::1'; - EXECUTE IMMEDIATE CONCAT('DROP USER IF EXISTS root@\'', @@hostname,'\''); - - ${rootLocalhostPass} - ${rootCreate} - ${mysqlAtLocalhost} - ${mysqlAtLocalhostGrants} - ${createHealthCheckUsers} - -- end of securing system users, rest of init now... - SET @@SESSION.SQL_LOG_BIN=@orig_sql_log_bin; - -- create users/databases - ${createDatabase} - ${createUser} - ${createReplicaUser} - ${userGrants} - - ${changeMasterTo} - EOSQL -} - -# create a new installation -docker_mariadb_init() -{ - - # check dir permissions to reduce likelihood of half-initialized database - ls /docker-entrypoint-initdb.d/ > /dev/null - - if [ -n "$DATABASE_INIT_FROM_BACKUP" ]; then - shopt -s dotglob - for file in /docker-entrypoint-initdb.d/*.tar{.gz,.xz,.zst}; do - mkdir -p "$DATADIR"/.init - tar --auto-compress --extract --file "$file" --directory="$DATADIR"/.init - mariadb-backup --target-dir="$DATADIR"/.init --datadir="$DATADIR"/.restore --move-back - - mv "$DATADIR"/.restore/** "$DATADIR"/ - if [ -f "$DATADIR/.init/backup-my.cnf" ]; then - mv "$DATADIR/.init/backup-my.cnf" "$DATADIR/.my.cnf" - mysql_note "Adding startup configuration:" - my_print_defaults --defaults-file="$DATADIR/.my.cnf" --mariadbd - fi - rm -rf "$DATADIR"/.init "$DATADIR"/.restore - if [ "$(id -u)" = "0" ]; then - # this will cause less disk access than `chown -R` - find "$DATADIR" \! -user mysql \( -exec chown mysql: '{}' + -o -true \) - fi - done - if _check_if_upgrade_is_needed; then - docker_mariadb_upgrade "$@" - fi - return - fi - docker_init_database_dir "$@" - - mysql_note "Starting temporary server" - docker_temp_server_start "$@" - mysql_note "Temporary server started." - - docker_setup_db - docker_process_init_files /docker-entrypoint-initdb.d/* - # Wait until after /docker-entrypoint-initdb.d is performed before setting - # root@localhost password to a hash we don't know the password for. - if [ -n "${MARIADB_ROOT_PASSWORD_HASH}" ]; then - mysql_note "Setting root@localhost password hash" - docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL - SET @@SESSION.SQL_LOG_BIN=0; - SET PASSWORD FOR 'root'@'localhost'= '${MARIADB_ROOT_PASSWORD_HASH}'; - EOSQL - fi - - mysql_note "Stopping temporary server" - docker_temp_server_stop - mysql_note "Temporary server stopped" - - echo - mysql_note "MariaDB init process done. Ready for start up." - echo -} - -# backup the mysql database -docker_mariadb_backup_system() -{ - if [ -n "$MARIADB_DISABLE_UPGRADE_BACKUP" ] \ - && [ "$MARIADB_DISABLE_UPGRADE_BACKUP" = 1 ]; then - mysql_note "MariaDB upgrade backup disabled due to \$MARIADB_DISABLE_UPGRADE_BACKUP=1 setting" - return - fi - local backup_db="system_mysql_backup_unknown_version.sql.zst" - local oldfullversion="unknown_version" - if [ -r "$DATADIR"/mariadb_upgrade_info ]; then - read -r -d '' oldfullversion < "$DATADIR"/mariadb_upgrade_info || true - if [ -n "$oldfullversion" ]; then - backup_db="system_mysql_backup_${oldfullversion}.sql.zst" - fi - fi - - mysql_note "Backing up system database to $backup_db" - if ! mariadb-dump --skip-lock-tables --replace --databases mysql --socket="${SOCKET}" | zstd > "${DATADIR}/${backup_db}"; then - mysql_error "Unable backup system database for upgrade from $oldfullversion." - fi - mysql_note "Backing up complete" -} - -# perform mariadb-upgrade -# backup the mysql database if this is a major upgrade -docker_mariadb_upgrade() { - if [ -z "$MARIADB_AUTO_UPGRADE" ] \ - || [ "$MARIADB_AUTO_UPGRADE" = 0 ]; then - mysql_note "MariaDB upgrade (mariadb-upgrade or creating healthcheck users) required, but skipped due to \$MARIADB_AUTO_UPGRADE setting" - return - fi - mysql_note "Starting temporary server" - docker_temp_server_start "$@" --skip-grant-tables \ - --loose-innodb_buffer_pool_dump_at_shutdown=0 - mysql_note "Temporary server started." - - docker_mariadb_backup_system - - if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then - mysql_note "Creating healthcheck users" - local createHealthCheckUsers - createHealthCheckUsers=$(create_healthcheck_users) - docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL - -- Healthcheck users shouldn't be replicated - SET @@SESSION.SQL_LOG_BIN=0; - -- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set - SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', ''); - FLUSH PRIVILEGES; - $createHealthCheckUsers -EOSQL - mysql_note "Stopping temporary server" - docker_temp_server_stop - mysql_note "Temporary server stopped" - - if _check_if_upgrade_is_needed; then - # need a restart as FLUSH PRIVILEGES isn't reversable - mysql_note "Restarting temporary server for upgrade" - docker_temp_server_start "$@" --skip-grant-tables \ - --loose-innodb_buffer_pool_dump_at_shutdown=0 - else - return 0 - fi - fi - - mysql_note "Starting mariadb-upgrade" - mariadb-upgrade --upgrade-system-tables - mysql_note "Finished mariadb-upgrade" - - mysql_note "Stopping temporary server" - docker_temp_server_stop - mysql_note "Temporary server stopped" -} - - -_check_if_upgrade_is_needed() { - if [ ! -f "$DATADIR"/mariadb_upgrade_info ]; then - mysql_note "MariaDB upgrade information missing, assuming required" - return 0 - fi - local mariadbVersion - mariadbVersion="$(_mariadb_version)" - IFS='.-' read -ra newversion <<<"$mariadbVersion" - IFS='.-' read -ra oldversion < "$DATADIR"/mariadb_upgrade_info || true - - if [[ ${#newversion[@]} -lt 2 ]] || [[ ${#oldversion[@]} -lt 2 ]] \ - || [[ ${oldversion[0]} -lt ${newversion[0]} ]] \ - || [[ ${oldversion[0]} -eq ${newversion[0]} && ${oldversion[1]} -lt ${newversion[1]} ]]; then - return 0 - fi - if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then - mysql_note "MariaDB heathcheck configation file missing, assuming desirable" - return 0 - fi - mysql_note "MariaDB upgrade not required" - return 1 -} - -# check arguments for an option that would cause mariadbd to stop -# return true if there is one -_mysql_want_help() { - local arg - for arg; do - case "$arg" in - -'?'|--help|--print-defaults|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if command starts with an option, prepend mariadbd - if [ "${1:0:1}" = '-' ]; then - set -- mariadbd "$@" - fi - - #ENDOFSUBSTITUTIONS - # skip setup if they aren't running mysqld or want an option that stops mysqld - if [ "$1" = 'mariadbd' ] || [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then - mysql_note "Entrypoint script for MariaDB Server ${MARIADB_VERSION} started." - - mysql_check_config "$@" - # Load various environment variables - docker_setup_env "$@" - docker_create_db_directories - - # If container is started as root user, restart as dedicated mysql user - if [ "$(id -u)" = "0" ]; then - mysql_note "Switching to dedicated user 'mysql'" - exec gosu mysql "${BASH_SOURCE[0]}" "$@" - fi - - # there's no database, so it needs to be initialized - if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - docker_verify_minimum_env - - docker_mariadb_init "$@" - # MDEV-27636 mariadb_upgrade --check-if-upgrade-is-needed cannot be run offline - #elif mariadb-upgrade --check-if-upgrade-is-needed; then - elif _check_if_upgrade_is_needed; then - docker_mariadb_upgrade "$@" - fi - fi - exec "$@" -} - -# If we are sourced from elsewhere, don't perform any further actions -if ! _is_sourced; then - _main "$@" -fi diff --git a/11.5/healthcheck.sh b/11.5/healthcheck.sh deleted file mode 100755 index 62be3459..00000000 --- a/11.5/healthcheck.sh +++ /dev/null @@ -1,395 +0,0 @@ -#!/bin/bash -# -# Healthcheck script for MariaDB -# -# Runs various tests on the MariaDB server to check its health. Pass the tests -# to run as arguments. If all tests succeed, the server is considered healthy, -# otherwise it's not. -# -# Arguments are processed in strict order. Set replication_* options before -# the --replication option. This allows a different set of replication checks -# on different connections. -# -# --su{=|-mysql} is option to run the healthcheck as a different unix user. -# Useful if mysql@localhost user exists with unix socket authentication -# Using this option disregards previous options set, so should usually be the -# first option. -# -# Some tests require SQL privileges. -# -# TEST MINIMUM GRANTS REQUIRED -# connect none* -# innodb_initialized USAGE -# innodb_buffer_pool_loaded USAGE -# galera_online USAGE -# galera_ready USAGE -# replication REPLICATION_CLIENT (<10.5)or REPLICA MONITOR (10.5+) -# mariadbupgrade none, however unix user permissions on datadir -# -# The SQL user used is the default for the mariadb client. This can be the unix user -# if no user(or password) is set in the [mariadb-client] section of a configuration -# file. --defaults-{file,extra-file,group-suffix} can specify a file/configuration -# different from elsewhere. -# -# Note * though denied error message will result in error log without -# any permissions. USAGE recommend to avoid this. - -set -eo pipefail - -_process_sql() -{ - mariadb ${nodefaults:+--no-defaults} \ - ${def['file']:+--defaults-file=${def['file']}} \ - ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ - ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - --skip-ssl --skip-ssl-verify-server-cert \ - --protocol socket \ - -B "$@" -} - -# TESTS - - -# CONNECT -# -# Tests that a connection can be made over TCP, the final state -# of the entrypoint and is listening. The authentication used -# isn't tested. -connect() -{ - local s - # short cut mechanism, to work with --require-secure-transport - s=$(_process_sql --skip-column-names -e 'select @@skip_networking') - case "$s" in - 0|1) - connect_s=$s - return "$s"; - ;; - esac - # falling back to tcp if there wasn't a connection answer. - s=$(mariadb ${nodefaults:+--no-defaults} \ - ${def['file']:+--defaults-file=${def['file']}} \ - ${def['extra_file']:+--defaults-extra-file=${def['extra_file']}} \ - ${def['group_suffix']:+--defaults-group-suffix=${def['group_suffix']}} \ - --skip-ssl --skip-ssl-verify-server-cert \ - -h localhost --protocol tcp \ - --skip-column-names --batch --skip-print-query-on-error \ - -e 'select @@skip_networking' 2>&1) - - case "$s" in - 1) # skip-networking=1 (no network) - ;& - ERROR\ 2002\ \(HY000\):*) - # cannot connect - connect_s=1 - ;; - 0) # skip-networking=0 - ;& - ERROR\ 1820\ \(HY000\)*) # password expire - ;& - ERROR\ 4151\ \(HY000\):*) # account locked - ;& - ERROR\ 1226\ \(42000\)*) # resource limit exceeded - ;& - ERROR\ 1[0-9][0-9][0-9]\ \(28000\):*) - # grep access denied and other 28000 client errors - we did connect - connect_s=0 - ;; - *) - >&2 echo "Unknown error $s" - connect_s=1 - ;; - esac - return $connect_s -} - -# INNODB_INITIALIZED -# -# This tests that the crash recovery of InnoDB has completed -# along with all the other things required to make it to a healthy -# operational state. Note this may return true in the early -# states of initialization. Use with a connect test to avoid -# these false positives. -innodb_initialized() -{ - local s - s=$(_process_sql --skip-column-names -e "select 1 from information_schema.ENGINES WHERE engine='innodb' AND support in ('YES', 'DEFAULT', 'ENABLED')") - [ "$s" == 1 ] -} - -# INNODB_BUFFER_POOL_LOADED -# -# Tests the load of the innodb buffer pool as been complete -# implies innodb_buffer_pool_load_at_startup=1 (default), or if -# manually SET innodb_buffer_pool_load_now=1 -innodb_buffer_pool_loaded() -{ - local s - s=$(_process_sql --skip-column-names -e "select VARIABLE_VALUE from information_schema.GLOBAL_STATUS WHERE VARIABLE_NAME='Innodb_buffer_pool_load_status'") - if [[ $s =~ 'load completed' ]]; then - return 0 - fi - return 1 -} - -# GALERA_ONLINE -# -# Tests that the galera node is in the SYNCed state -galera_online() -{ - local s - s=$(_process_sql --skip-column-names -e "select VARIABLE_VALUE from information_schema.GLOBAL_STATUS WHERE VARIABLE_NAME='WSREP_LOCAL_STATE'") - # 4 from https://galeracluster.com/library/documentation/node-states.html#node-state-changes - # not https://xkcd.com/221/ - if [[ $s -eq 4 ]]; then - return 0 - fi - return 1 -} - -# GALERA_READY -# -# Tests that the Galera provider is ready. -galera_ready() -{ - local s - s=$(_process_sql --skip-column-names -e "select VARIABLE_VALUE from information_schema.GLOBAL_STATUS WHERE VARIABLE_NAME='WSREP_READY'") - if [ "$s" = "ON" ]; then - return 0 - fi - return 1 -} - -# REPLICATION -# -# Tests the replication has the required set of functions: -# --replication_all -> Checks all replication sources -# --replication_name=n -> sets the multisource connection name tested -# --replication_io -> IO thread is running -# --replication_sql -> SQL thread is running -# --replication_seconds_behind_master=n -> less than or equal this seconds of delay -# --replication_sql_remaining_delay=n -> less than or equal this seconds of remaining delay -# (ref: https://mariadb.com/kb/en/delayed-replication/) -replication() -{ - # SHOW REPLICA available 10.5+ - # https://github.com/koalaman/shellcheck/issues/2383 - # shellcheck disable=SC2016,SC2026 - _process_sql -e "SHOW ${repl['all']:+all} REPLICA${repl['all']:+S} ${repl['name']:+'${repl['name']}'} STATUS\G" | \ - { - # required for trim of leading space. - shopt -s extglob - # Row header - read -t 5 -r - # read timeout - [ $? -gt 128 ] && return 1 - while IFS=":" read -t 1 -r n v; do - # Trim leading space - n=${n##+([[:space:]])} - # Leading space on all values by the \G format needs to be trimmed. - v=${v:1} - case "$n" in - Slave_IO_Running) - if [ -n "${repl['io']}" ] && [ "$v" = 'No' ]; then - return 1 - fi - ;; - Slave_SQL_Running) - if [ -n "${repl['sql']}" ] && [ "$v" = 'No' ]; then - return 1 - fi - ;; - Seconds_Behind_Master) - # A NULL value is the IO thread not running: - if [ -n "${repl['seconds_behind_master']}" ] && - { [ "$v" = NULL ] || - (( "${repl['seconds_behind_master']}" < "$v" )); }; then - return 1 - fi - ;; - SQL_Remaining_Delay) - # Unlike Seconds_Behind_Master, sql_remaining_delay will hit NULL - # once replication is caught up - https://mariadb.com/kb/en/delayed-replication/ - if [ -n "${repl['sql_remaining_delay']}" ] && - [ "$v" != NULL ] && - (( "${repl['sql_remaining_delay']}" < "$v" )); then - return 1 - fi - ;; - esac - done - # read timeout - [ $? -gt 128 ] && return 1 - return 0 - } - # reachable in command not found(?) - # shellcheck disable=SC2317 - return $? -} - -# mariadbupgrade -# -# Test the lock on the file $datadir/mariadb_upgrade_info -# https://jira.mariadb.org/browse/MDEV-27068 -mariadbupgrade() -{ - local f="$datadir/mariadb_upgrade_info" - if [ -r "$f" ]; then - flock --exclusive --nonblock -n 9 9<"$f" - return $? - fi - return 0 -} - - -# MAIN - -if [ $# -eq 0 ]; then - echo "At least one argument required" >&2 - exit 1 -fi - -#ENDOFSUBSTITUTIONS -# Marks the end of mysql -> mariadb name changes in 10.6+ -# Global variables used by tests -declare -A repl -declare -A def -nodefaults= -connect_s= -datadir=/var/lib/mysql -if [ -f $datadir/.my-healthcheck.cnf ]; then - def['extra_file']=$datadir/.my-healthcheck.cnf -fi - -_repl_param_check() -{ - case "$1" in - seconds_behind_master) ;& - sql_remaining_delay) - if [ -z "${repl['io']}" ]; then - repl['io']=1 - echo "Forcing --replication_io=1, $1 requires IO thread to be running" >&2 - fi - ;; - all) - if [ -n "${repl['name']}" ]; then - unset 'repl[name]' - echo "Option --replication_all incompatible with specified source --replication_name, clearing replication_name" >&2 - fi - ;; - name) - if [ -n "${repl['all']}" ]; then - unset 'repl[all]' - echo "Option --replication_name incompatible with --replication_all, clearing replication_all" >&2 - fi - ;; - esac -} - -_test_exists() { - declare -F "$1" > /dev/null - return $? -} - -while [ $# -gt 0 ]; do - case "$1" in - --su=*) - u="${1#*=}" - shift - exec gosu "${u}" "${BASH_SOURCE[0]}" "$@" - ;; - --su) - shift - u=$1 - shift - exec gosu "$u" "${BASH_SOURCE[0]}" "$@" - ;; - --su-mysql) - shift - exec gosu mysql "${BASH_SOURCE[0]}" "$@" - ;; - --replication_*=*) - # Change the n to what is between _ and = and make lower case - n=${1#*_} - n=${n%%=*} - n=${n,,*} - # v is after the = - v=${1#*=} - repl[$n]=$v - _repl_param_check "$n" - ;; - --replication_*) - # Without =, look for a non --option next as the value, - # otherwise treat it as an "enable", just equate to 1. - # Clearing option is possible with "--replication_X=" - n=${1#*_} - n=${n,,*} - if [ "${2:0:2}" == '--' ]; then - repl[$n]=1 - else - repl[$n]=$2 - shift - fi - _repl_param_check "$n" - ;; - --datadir=*) - datadir=${1#*=} - ;; - --datadir) - shift - datadir=${1} - ;; - --no-defaults) - def=() - nodefaults=1 - ;; - --defaults-file=*|--defaults-extra-file=*|--defaults-group-suffix=*) - n=${1:11} # length --defaults- - n=${n%%=*} - n=${n//-/_} - # v is after the = - v=${1#*=} - def[$n]=$v - nodefaults= - ;; - --defaults-file|--defaults-extra-file|--defaults-group-suffix) - n=${1:11} # length --defaults- - n=${n//-/_} - if [ "${2:0:2}" == '--' ]; then - def[$n]="" - else - def[$n]=$2 - shift - fi - nodefaults= - ;; - --no-connect) - # used for /docker-entrypoint-initdb.d scripts - # where you definately don't want a connection test - connect_s=0 - ;; - --*) - test=${1#--} - ;; - *) - echo "Unknown healthcheck option $1" >&2 - exit 1 - esac - if [ -n "$test" ]; then - if ! _test_exists "$test" ; then - echo "healthcheck unknown option or test '$test'" >&2 - exit 1 - elif ! "$test"; then - echo "healthcheck $test failed" >&2 - exit 1 - fi - test= - fi - shift -done -if [ "$connect_s" != "0" ]; then - # we didn't pass a connnect test, so the current success status is suspicious - # return what connect thinks. - connect - exit $? -fi diff --git a/versions.json b/versions.json index 5facecf5..a8a154e6 100644 --- a/versions.json +++ b/versions.json @@ -110,5 +110,33 @@ "ppc64le", "s390x" ] + }, + "11.6": { + "milestone": "11.6", + "version": "11.6.2", + "fullVersion": "1:11.6.2+maria~ubu2404", + "releaseStatus": "Stable", + "supportType": "Short Term Support", + "base": "ubuntu:noble", + "arches": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ] + }, + "11.6-ubi": { + "milestone": "11.6", + "version": "11.6.2", + "fullVersion": "11.6.2", + "releaseStatus": "Stable", + "supportType": "Short Term Support", + "base": "ubi9", + "arches": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ] } } From 36bc0fe6b560801dff69266ce08c5c31d2ef6022 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Fri, 22 Nov 2024 08:32:10 +1100 Subject: [PATCH 3/4] Update to 11.6.2 (stable) --- 11.6-ubi/Dockerfile | 8 ++++---- 11.6-ubi/docker-entrypoint.sh | 2 +- 11.6/Dockerfile | 8 ++++---- 11.6/docker-entrypoint.sh | 2 +- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/11.6-ubi/Dockerfile b/11.6-ubi/Dockerfile index d205b3f0..8bf1dece 100644 --- a/11.6-ubi/Dockerfile +++ b/11.6-ubi/Dockerfile @@ -36,7 +36,7 @@ COPY MariaDB.repo /etc/yum.repos.d/ # https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html/red_hat_openshift_software_certification_policy_guide/assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction#con-image-metadata-requirements_openshift-sw-cert-policy-container-images LABEL name="MariaDB Server" \ vendor="MariaDB Community" \ - version="11.6.1" \ + version="11.6.2" \ release="Refer to Annotations org.opencontainers.image.{revision,source}" \ summary="MariaDB Database" \ description="MariaDB Database for relational SQL" @@ -50,13 +50,13 @@ LABEL org.opencontainers.image.authors="MariaDB Community" \ org.opencontainers.image.licenses="GPL-2.0" \ org.opencontainers.image.source="https://github.com/MariaDB/mariadb-docker" \ org.opencontainers.image.vendor="MariaDB Community" \ - org.opencontainers.image.version="11.6.1" \ + org.opencontainers.image.version="11.6.2" \ org.opencontainers.image.url="https://github.com/MariaDB/mariadb-docker" # bashbrew-architectures: amd64 arm64v8 ppc64le s390x -ARG MARIADB_VERSION=11.6.1 +ARG MARIADB_VERSION=11.6.2 ENV MARIADB_VERSION=$MARIADB_VERSION -# release-status:RC +# release-status:Stable # release-support-type:Short Term Support # (https://downloads.mariadb.org/rest-api/mariadb/) diff --git a/11.6-ubi/docker-entrypoint.sh b/11.6-ubi/docker-entrypoint.sh index 9539eb80..36f54d62 100755 --- a/11.6-ubi/docker-entrypoint.sh +++ b/11.6-ubi/docker-entrypoint.sh @@ -225,7 +225,7 @@ docker_create_db_directories() { } _mariadb_version() { - echo -n "11.6.1-MariaDB" + echo -n "11.6.2-MariaDB" } # initializes the database directory diff --git a/11.6/Dockerfile b/11.6/Dockerfile index ffc341a3..4986cf77 100644 --- a/11.6/Dockerfile +++ b/11.6/Dockerfile @@ -75,18 +75,18 @@ LABEL org.opencontainers.image.authors="MariaDB Community" \ org.opencontainers.image.licenses="GPL-2.0" \ org.opencontainers.image.source="https://github.com/MariaDB/mariadb-docker" \ org.opencontainers.image.vendor="MariaDB Community" \ - org.opencontainers.image.version="11.6.1" \ + org.opencontainers.image.version="11.6.2" \ org.opencontainers.image.url="https://github.com/MariaDB/mariadb-docker" # bashbrew-architectures: amd64 arm64v8 ppc64le s390x -ARG MARIADB_VERSION=1:11.6.1+maria~ubu2404 +ARG MARIADB_VERSION=1:11.6.2+maria~ubu2404 ENV MARIADB_VERSION $MARIADB_VERSION -# release-status:RC +# release-status:Stable # release-support-type:Short Term Support # (https://downloads.mariadb.org/rest-api/mariadb/) # Allowing overriding of REPOSITORY, a URL that includes suite and component for testing and Enterprise Versions -ARG REPOSITORY="http://archive.mariadb.org/mariadb-11.6.1/repo/ubuntu/ noble main main/debug" +ARG REPOSITORY="http://archive.mariadb.org/mariadb-11.6.2/repo/ubuntu/ noble main main/debug" RUN set -e;\ echo "deb ${REPOSITORY}" > /etc/apt/sources.list.d/mariadb.list; \ diff --git a/11.6/docker-entrypoint.sh b/11.6/docker-entrypoint.sh index 9539eb80..36f54d62 100755 --- a/11.6/docker-entrypoint.sh +++ b/11.6/docker-entrypoint.sh @@ -225,7 +225,7 @@ docker_create_db_directories() { } _mariadb_version() { - echo -n "11.6.1-MariaDB" + echo -n "11.6.2-MariaDB" } # initializes the database directory From 3b58d55bb63c5dd7f8117e96836cd6930e2c926e Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Fri, 22 Nov 2024 08:32:40 +1100 Subject: [PATCH 4/4] temp; update.sh bump to 11.6.2 ahead of downloads api --- update.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/update.sh b/update.sh index 331bda8a..48e93483 100755 --- a/update.sh +++ b/update.sh @@ -188,6 +188,7 @@ mariaversion() mariaVersion=$(curl -fsSL "$DOWNLOADS_REST_API/mariadb/${version%-*}" \ | jq -r 'first(.releases[] | .release_id | select(. | test("[0-9]+.[0-9]+.[0-9]+$")))') mariaVersion=${mariaVersion//\"} + if [ "$mariaVersion" = 11.6.1 ]; then mariaVersion=11.6.2; fi } all() @@ -238,8 +239,8 @@ for version in "${versions[@]}"; do fi readarray -t release <<< "$(curl -fsSL "$DOWNLOADS_REST_API/mariadb/" \ | jq -r --arg version "${version%-*}" '.major_releases[] | select(.release_id == $version) | [ .release_status ] , [ .release_support_type ] | @tsv')" - releaseStatus=${release[0]:-Unknown} - supportType=${release[1]:-Unknown} + releaseStatus=${release[0]:-Stable} + supportType=${release[1]:-Short Term Support} update_version done