PS-9823 fix: mysql_migrate_keyring won't work with PS's components (9.x)#5655
Merged
percona-ysorokin merged 3 commits intopercona:trunkfrom Jul 16, 2025
Conversation
percona-ysorokin
changed the title
https://perconadev.atlassian.net/browse/PS-9823 Reworked keyring components to make sure their corresponding '.so' objects do not have unresolved symbols (from the 'dlopen(..., RTLD_NOW)' point of view). This change is needed to ensure that keyring components can be loaded not only from the 'mysqld' executable but from utilities like 'mysql_migrate_keyring' as well. Keyring components' 'CMakeLists.txt' files fortified with aditional linking option '${LINK_FLAG_NO_UNDEFINED}' (-Wl,--no-undefined) which prevents building '.so' shared objects with unresolved sumbols. Removed custom allocator from the 'components/keyrings/common/data/pfs_string.h' header to eliminate divergence from upstream code. 'pfs_string' kept as an alias to 'std::string' to minimize Percona code changes. Removed 'DBUG_TRACE' calls from the 'component_keyring_kmip' code to get rid of 'mysys' library dependency. Calls to 'mysql_components_handle_std_exception()' inside 'component_keyring_kmip' replaced with 'LogComponentErr()' to avoid dependency on 'minchassis'. 'memset_s()' Percona's extension function renamed to 'my_memset_s()'. Added a series of 'component_keyring_xxx.dynamic_loading' MTR test cases (one for each keyring component: 'file', 'kmip', 'kms') that checks if the component's '.so' file does not have unresolved symbols in order to make sure that it can be loaded from auxiliary utilities (like 'mysql_migrate_keyring'). These MTR test cases internally build a helper utility from the '.cpp' file ('mysql-test/std_data/dlopen_checker.cpp') that simply performs an attempt to call 'dlopen(..., RTLD_NOW)' for the provided '.so' object. Added 'keyring_vault.migrate_keyring' MTR test case that tests for keyring data migration from 'keyring_vault' plugin to 'keyring_file' plugin and back. Internally, it uses 'mysqld' executable in keyring data migration mode to perform key stansfer from one plugin to another. Added 'have_keyring_file_plugin.inc' MTR include file that helps to identify if the server was build with 'keyring_file' plugin. Removed 'have_keyring_kmip_plugin.inc' MTR include file added previously by mistake.
…v/PS-9823-8.4-mysql_migrate_keyring_unusable https://perconadev.atlassian.net/browse/PS-9823 Reworked keyring components to make sure their corresponding '.so' objects do not have unresolved symbols (from the 'dlopen(..., RTLD_NOW)' point of view). This change is needed to ensure that keyring components can be loaded not only from the 'mysqld' executable but from utilities like 'mysql_migrate_keyring' as well. Keyring components' 'CMakeLists.txt' files fortified with aditional linking option '${LINK_FLAG_NO_UNDEFINED}' (-Wl,--no-undefined) which prevents building '.so' shared objects with unresolved sumbols. Removed custom allocator from the 'components/keyrings/common/data/pfs_string.h' header to eliminate divergence from upstream code. 'pfs_string' kept as an alias to 'std::string' to minimize Percona code changes. Removed 'DBUG_TRACE' calls from the 'component_keyring_kmip' code to get rid of 'mysys' library dependency. Calls to 'mysql_components_handle_std_exception()' inside both 'component_keyring_kmip' and 'component_keyring_vault' replaced with 'LogComponentErr()' to avoid dependency on 'minchassis'. Added explicit dependency on 'OpenSSL::Crypto' for the component_keyring_vault' (needed for AES functions). 'memset_s()' Percona's extension function moved from 'mysys' to 'library_mysys' and renamed to 'my_memset_s()'. Removed unused 'components/keyrings/common/data/keyring_alloc.h'. Removed unused 'plugin/keyring/common/secure_string.h'. Removed unused 'Secure_allocator' class template from the 'plugin/keyring/common/keyring_memory.h'. Added a series of 'component_keyring_xxx.dynamic_loading' MTR test cases (one for each keyring component: 'file', 'vault', 'kmip', 'kms') that checks if the component's '.so' file does not have unresolved symbols in order to make sure that it can be loaded from auxiliary utilities (like 'mysql_migrate_keyring'). These MTR test cases internally build a helper utility from the '.cpp' file ('mysql-test/std_data/dlopen_checker.cpp') that simply performs an attempt to call 'dlopen(..., RTLD_NOW)' for the provided '.so' object. Added 'component_keyring_vault.migrate_keyring' MTR test case that tests for keyring data migration from 'component_keyring_vault' to 'component_keyring_file' and back.
…v/PS-9823-9.x-mysql_migrate_keyring_unusable https://perconadev.atlassian.net/browse/PS-9823 Re-recorded 'component_keyring_vault.log_encrypt_3' and 'component_keyring_vault.table_encrypt_3' MTR test cases because of the deprecated 'FLUSH PRIVILEGES' statement. Re-recorded 'component_keyring_vault.table_encrypt_debug' MTR test case because of the changed error message for discarded tablespaces.
percona-ysorokin
force-pushed
the
dev/PS-9823-9.x-mysql_migrate_keyring_unusable
branch
from
1c61b7d to
4855b4c
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
https://perconadev.atlassian.net/browse/PS-9823