PS-9823 fix: mysql_migrate_keyring won't work with PS's components (8.0) #5648
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| @@ -0,0 +1,27 @@ | |||
| # ==== Purpose ==== | |||
There was a problem hiding this comment.
❌ clang-diagnostic-error ❌
invalid preprocessing directive
| @@ -0,0 +1,27 @@ | |||
| # ==== Purpose ==== | |||
| # | |||
| # Check if the provided library ('.so') can be successfully loaded with 'dlopen(..., RTLD_NOW)' | |||
There was a problem hiding this comment.
❌ clang-diagnostic-error ❌
invalid preprocessing directive
| # | ||
| # Check if the provided library ('.so') can be successfully loaded with 'dlopen(..., RTLD_NOW)' | ||
| # | ||
| # ==== Usage ==== |
There was a problem hiding this comment.
❌ clang-diagnostic-error ❌
invalid preprocessing directive
| # | ||
| # ==== Usage ==== | ||
| # | ||
| # --let $DLOPEN_CHECKER_LIBRARY_PATH = <path_to_the_library> |
There was a problem hiding this comment.
❌ clang-diagnostic-error ❌
invalid preprocessing directive
| # ==== Usage ==== | ||
| # | ||
| # --let $DLOPEN_CHECKER_LIBRARY_PATH = <path_to_the_library> | ||
| # --source include/keyring_tests/mats/dynamic_loading.inc |
There was a problem hiding this comment.
❌ clang-diagnostic-error ❌
invalid preprocessing directive
| # --let $DLOPEN_CHECKER_LIBRARY_PATH = <path_to_the_library> | ||
| # --source include/keyring_tests/mats/dynamic_loading.inc | ||
| # | ||
| # ==== Parameters ==== |
There was a problem hiding this comment.
❌ clang-diagnostic-error ❌
invalid preprocessing directive
| # | ||
| # ==== Parameters ==== | ||
| # | ||
| # DLOPEN_CHECKER_LIBRARY_PATH |
There was a problem hiding this comment.
❌ clang-diagnostic-error ❌
invalid preprocessing directive
| # ==== Parameters ==== | ||
| # | ||
| # DLOPEN_CHECKER_LIBRARY_PATH | ||
| # Full path to the library that needs to be checked for unresolved symbols ('.so') |
There was a problem hiding this comment.
❌ clang-diagnostic-error ❌
invalid preprocessing directive
| # Full path to the library that needs to be checked for unresolved symbols ('.so') | ||
| # | ||
|
|
||
| --let $dlopen_checker_source = $MYSQL_TEST_DIR/std_data/dlopen_checker.cpp |
There was a problem hiding this comment.
❌ clang-diagnostic-error ❌
expected unqualified-id
| @@ -0,0 +1,6 @@ | |||
| # | |||
| # Check if the variable KEYRING_PLUGIN is set | |||
There was a problem hiding this comment.
❌ clang-diagnostic-error ❌
invalid preprocessing directive
| # | ||
| # Check if the variable KEYRING_PLUGIN is set | ||
| # | ||
| if (!$KEYRING_PLUGIN) { |
There was a problem hiding this comment.
❌ clang-diagnostic-error ❌
expected unqualified-id
| @@ -563,8 +563,10 @@ char *my_strndup(PSI_memory_key key, const char *from, size_t length, | |||
| return ptr; | |||
| } | |||
|
|
|||
| #if !defined(HAVE_MEMSET_S) | |||
| void memset_s(void *dest, size_t dest_max, int c, size_t n) { | |||
| void my_memset_s(void *dest, size_t dest_max, int c, size_t n) { | |||
There was a problem hiding this comment.
parameter name c is too short, expected at least 2 characters
| @@ -53,7 +53,7 @@ Binlog_crypt_data::Binlog_crypt_data(const Binlog_crypt_data &b) | |||
| void Binlog_crypt_data::free_key(uchar *&key, size_t &key_length) noexcept { | |||
| if (key != nullptr) { | |||
| assert(key_length == 16); | |||
| memset_s(key, 512, 0, key_length); | |||
| my_memset_s(key, 512, 0, key_length); | |||
There was a problem hiding this comment.
512 is a magic number; consider replacing it with a named constant
| #if !defined(HAVE_MEMSET_S) | ||
| void memset_s(void *dest, size_t dest_max, int c, size_t n); | ||
| #endif | ||
| void my_memset_s(void *dest, size_t dest_max, int c, size_t n); |
There was a problem hiding this comment.
parameter name c is too short, expected at least 2 characters
| @@ -184,8 +182,11 @@ bool Keyring_kmip_backend::store(const Metadata &metadata, | |||
| return true; | |||
| } | |||
| data.set_extension({id}); | |||
| } catch (const std::exception &e) { | |||
| LogComponentErr(ERROR_LEVEL, ER_STD_UNKNOWN_EXCEPTION, e.what(), __func__); | |||
There was a problem hiding this comment.
Same comment as for 8.4 version. I think we should be using error codes for logging instead of ER_UNKNOWN_ERROR/ER_STD_UNKNOWN_EXCEPTION which are supposed to be client
errors. Probably the easiest way to do this is to use ER_LOG_PRINTF_MSG like it is done in
other places in this file.
percona-ysorokin
force-pushed
the
dev/PS-9823-8.0-mysql_migrate_keyring_unusable
branch
from
296e149 to
b5bcaba
Compare
https://perconadev.atlassian.net/browse/PS-9823 Reworked keyring components to make sure their corresponding '.so' objects do not have unresolved symbols (from the 'dlopen(..., RTLD_NOW)' point of view). This change is needed to ensure that keyring components can be loaded not only from the 'mysqld' executable but from utilities like 'mysql_migrate_keyring' as well. Keyring components' 'CMakeLists.txt' files fortified with aditional linking option '${LINK_FLAG_NO_UNDEFINED}' (-Wl,--no-undefined) which prevents building '.so' shared objects with unresolved sumbols. Removed custom allocator from the 'components/keyrings/common/data/pfs_string.h' header to eliminate divergence from upstream code. 'pfs_string' kept as an alias to 'std::string' to minimize Percona code changes. Removed 'DBUG_TRACE' calls from the 'component_keyring_kmip' code to get rid of 'mysys' library dependency. Calls to 'mysql_components_handle_std_exception()' inside 'component_keyring_kmip' replaced with 'LogComponentErr()' to avoid dependency on 'minchassis'. 'memset_s()' Percona's extension function renamed to 'my_memset_s()'. Added a series of 'component_keyring_xxx.dynamic_loading' MTR test cases (one for each keyring component: 'file', 'kmip', 'kms') that checks if the component's '.so' file does not have unresolved symbols in order to make sure that it can be loaded from auxiliary utilities (like 'mysql_migrate_keyring'). These MTR test cases internally build a helper utility from the '.cpp' file ('mysql-test/std_data/dlopen_checker.cpp') that simply performs an attempt to call 'dlopen(..., RTLD_NOW)' for the provided '.so' object. Added 'keyring_vault.migrate_keyring' MTR test case that tests for keyring data migration from 'keyring_vault' plugin to 'keyring_file' plugin and back. Internally, it uses 'mysqld' executable in keyring data migration mode to perform key stansfer from one plugin to another. Added 'have_keyring_file_plugin.inc' MTR include file that helps to identify if the server was build with 'keyring_file' plugin. Removed 'have_keyring_kmip_plugin.inc' MTR include file added previously by mistake.
percona-ysorokin
force-pushed
the
dev/PS-9823-8.0-mysql_migrate_keyring_unusable
branch
from
b5bcaba to
b598edd
Compare
https://perconadev.atlassian.net/browse/PS-9823
Reworked keyring components to make sure their corresponding '.so' objects do not have unresolved symbols (from the 'dlopen(..., RTLD_NOW)' point of view). This change is needed to ensure that keyring components can be loaded not only from the 'mysqld' executable but from utilities like 'mysql_migrate_keyring' as well.
Keyring components' 'CMakeLists.txt' files fortified with aditional linking option '${LINK_FLAG_NO_UNDEFINED}' (-Wl,--no-undefined) which prevents building '.so' shared objects with unresolved sumbols.
Removed custom allocator from the 'components/keyrings/common/data/pfs_string.h' header to eliminate divergence from upstream code. 'pfs_string' kept as an alias to 'std::string' to minimize Percona code changes.
Removed 'DBUG_TRACE' calls from the 'component_keyring_kmip' code to get rid of 'mysys' library dependency.
Calls to 'mysql_components_handle_std_exception()' inside 'component_keyring_kmip' replaced with 'LogComponentErr()' to avoid dependency on 'minchassis'.
'memset_s()' Percona's extension function renamed to 'my_memset_s()'.
Added a series of 'component_keyring_xxx.dynamic_loading' MTR test cases (one for each keyring component: 'file', 'kmip', 'kms') that checks if the component's '.so' file does not have unresolved symbols in order to make sure that it can be loaded from auxiliary utilities (like 'mysql_migrate_keyring'). These MTR test cases internally build a helper utility from the '.cpp' file ('mysql-test/std_data/dlopen_checker.cpp') that simply performs an attempt to call 'dlopen(..., RTLD_NOW)' for the provided '.so' object.
Added 'keyring_vault.migrate_keyring' MTR test case that tests for keyring data migration from 'keyring_vault' plugin to 'keyring_file' plugin and back. Internally, it uses 'mysqld' executable in keyring data migration mode to perform key stansfer from one plugin to another.
Added 'have_keyring_file_plugin.inc' MTR include file that helps to identify if the server was build with 'keyring_file' plugin.
Removed 'have_keyring_kmip_plugin.inc' MTR include file added previously by mistake.