mariadb package update 10.4

Signed-off-by: mariadbbuilder_pel7x64builder0 <mariadbbuilder@powerel.org>

SOURCES/LICENSE.clustercheck

@@ -0,0 +1,27 @@
+Copyright (c) 2012-2014, Olaf van Zandwijk
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors
+   may be used to endorse or promote products derived from this software without
+   specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

SOURCES/clustercheck.sh

@@ -0,0 +1,89 @@
+#!/bin/bash
+#
+# Script to make a proxy (ie HAProxy) capable of monitoring Galera cluster nodes properly
+#
+# Author: Olaf van Zandwijk <olaf.vanzandwijk@nedap.com>
+# Author: Raghavendra Prabhu <raghavendra.prabhu@percona.com>
+# Author: Ryan O'Hara <rohara@redhat.com>
+#
+# Documentation and download: https://github.com/olafz/percona-clustercheck
+#
+# Based on the original script from Unai Rodriguez
+#
+
+if [ -f @INSTALL_SYSCONFDIR@/sysconfig/clustercheck ]; then
+    . @INSTALL_SYSCONFDIR@/sysconfig/clustercheck
+fi
+
+MYSQL_USERNAME="${MYSQL_USERNAME-clustercheckuser}"
+MYSQL_PASSWORD="${MYSQL_PASSWORD-clustercheckpassword!}"
+MYSQL_HOST="${MYSQL_HOST:-127.0.0.1}"
+MYSQL_PORT="${MYSQL_PORT:-3306}"
+ERR_FILE="${ERR_FILE:-/dev/null}"
+AVAILABLE_WHEN_DONOR=${AVAILABLE_WHEN_DONOR:-0}
+AVAILABLE_WHEN_READONLY=${AVAILABLE_WHEN_READONLY:-1}
+DEFAULTS_EXTRA_FILE=${DEFAULTS_EXTRA_FILE:-@INSTALL_SYSCONFDIR@/my.cnf}
+
+#Timeout exists for instances where mysqld may be hung
+TIMEOUT=10
+
+if [[ -r $DEFAULTS_EXTRA_FILE ]];then
+    MYSQL_CMDLINE="mysql --defaults-extra-file=$DEFAULTS_EXTRA_FILE -nNE \
+                    --connect-timeout=$TIMEOUT \
+                    --user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} \
+                    --host=${MYSQL_HOST} --port=${MYSQL_PORT}"
+else
+    MYSQL_CMDLINE="mysql -nNE --connect-timeout=$TIMEOUT \
+                    --user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} \
+                    --host=${MYSQL_HOST} --port=${MYSQL_PORT}"
+fi
+#
+# Perform the query to check the wsrep_local_state
+#
+WSREP_STATUS=$($MYSQL_CMDLINE -e "SHOW STATUS LIKE 'wsrep_local_state';" \
+    2>${ERR_FILE} | tail -1 2>>${ERR_FILE})
+
+if [[ "${WSREP_STATUS}" == "4" ]] || [[ "${WSREP_STATUS}" == "2" && ${AVAILABLE_WHEN_DONOR} == 1 ]]
+then
+    # Check only when set to 0 to avoid latency in response.
+    if [[ $AVAILABLE_WHEN_READONLY -eq 0 ]];then
+        READ_ONLY=$($MYSQL_CMDLINE -e "SHOW GLOBAL VARIABLES LIKE 'read_only';" \
+                    2>${ERR_FILE} | tail -1 2>>${ERR_FILE})
+
+        if [[ "${READ_ONLY}" == "ON" ]];then
+            # Galera cluster node local state is 'Synced', but it is in
+            # read-only mode. The variable AVAILABLE_WHEN_READONLY is set to 0.
+            # => return HTTP 503
+            # Shell return-code is 1
+            echo -en "HTTP/1.1 503 Service Unavailable\r\n"
+            echo -en "Content-Type: text/plain\r\n"
+            echo -en "Connection: close\r\n"
+            echo -en "Content-Length: 35\r\n"
+            echo -en "\r\n"
+            echo -en "Galera cluster node is read-only.\r\n"
+            sleep 0.1
+            exit 1
+        fi
+    fi
+    # Galera cluster node local state is 'Synced' => return HTTP 200
+    # Shell return-code is 0
+    echo -en "HTTP/1.1 200 OK\r\n"
+    echo -en "Content-Type: text/plain\r\n"
+    echo -en "Connection: close\r\n"
+    echo -en "Content-Length: 32\r\n"
+    echo -en "\r\n"
+    echo -en "Galera cluster node is synced.\r\n"
+    sleep 0.1
+    exit 0
+else
+    # Galera cluster node local state is not 'Synced' => return HTTP 503
+    # Shell return-code is 1
+    echo -en "HTTP/1.1 503 Service Unavailable\r\n"
+    echo -en "Content-Type: text/plain\r\n"
+    echo -en "Connection: close\r\n"
+    echo -en "Content-Length: 36\r\n"
+    echo -en "\r\n"
+    echo -en "Galera cluster node is not synced.\r\n"
+    sleep 0.1
+    exit 1
+fi

SOURCES/mariadb-auth_pam_tool_dir.patch

@@ -0,0 +1,29 @@
+This scirpt is ran by the systemd service.
+In Fedora the service has priviledges dropped to the mysql user.
+Thus "chown 0" will always fail
+
+Never parse 'ls' output!
+http://mywiki.wooledge.org/BashFAQ/087
+
+--- mariadb-10.4.7/scripts/mysql_install_db.sh	2019-07-30 13:32:16.000000000 +0200
++++ mariadb-10.4.7/scripts/mysql_install_db.sh_patched	2019-08-22 16:29:28.341484925 +0200
+@@ -490,13 +490,16 @@ then
+   fi
+   if test -z "$srcdir"
+   then
+-    chown 0 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" && \
+-    chmod 04755 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool"
+-    if test $? -ne 0
++    if [ `stat "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" -c %u` -ne 0 ]
+     then
++      chown 0 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool" && \
++      chmod 04755 "$pamtooldir/auth_pam_tool_dir/auth_pam_tool"
++      if test $? -ne 0
++      then
+         echo "Couldn't set an owner to '$pamtooldir/auth_pam_tool_dir/auth_pam_tool'."
+         echo " It must be root, the PAM authentication plugin doesn't work otherwise.."
+         echo
++      fi
+     fi
+   fi
+   args="$args --user=$user"

SOURCES/mariadb-logrotate.patch

@@ -12,60 +12,62 @@ Adjust the mysql-log-rotate script in several ways:
   is low-volume and so rotation is not critical functionality.
 
 See discussions at RH bugs 799735, 547007
+* Note they are from Fedora 15 / 16
 
+Update 3/2017
+* it would be big unexpected change for anyone upgrading, if we start shipping it now.
+  Maybe it is good candidate for shipping with MariaDB 10.2 ?
+* the 'mysqladmin flush logs' doesn´t guarantee, no entries are lost
+  during flushing, the operation is not atomic.
+  We should not ship it in that state
 
-diff -up mariadb-10.0.10/support-files/mysql-log-rotate.sh.p5 mariadb-10.0.10/support-files/mysql-log-rotate.sh
---- mariadb-10.0.10/support-files/mysql-log-rotate.sh.p5	2014-03-30 19:56:53.000000000 +0200
-+++ mariadb-10.0.10/support-files/mysql-log-rotate.sh	2014-04-07 16:30:11.264618655 +0200
-@@ -1,9 +1,9 @@
- # This logname can be set in /etc/my.cnf
--# by setting the variable "err-log"
--# in the [safe_mysqld] section as follows:
-+# by setting the variable "log-error"
-+# in the [mysqld_safe] section as follows:
+Update 6/2018
+* the SIGHUP causes server to flush all logs. No password admin needed, the only constraint is
+  beeing able to send the SIGHUP to the process and read the mysqld pid file, which root can.
+* Submited as PR: https://github.com/MariaDB/server/pull/807
+
+--- mariadb-10.3.19/support-files/mysql-log-rotate.sh	2019-11-03 17:03:27.000000000 +0100
++++ mariadb-10.3.19/support-files/mysql-log-rotate.sh_patched	2019-11-06 15:07:54.205379672 +0100
+@@ -3,23 +3,10 @@
+ # in the [mysqld] section as follows:
  #
--# [safe_mysqld]
--# err-log=@localstatedir@/mysqld.log
-+# [mysqld_safe]
+ # [mysqld]
+-# log-error=@localstatedir@/mysqld.log
+-#
+-# If the root user has a password you have to create a
+-# /root/.my.cnf configuration file with the following
+-# content:
+-#
+-# [mysqladmin]
+-# password = <secret> 
+-# user= root
+-#
+-# where "<secret>" is the password. 
+-#
+-# ATTENTION: This /root/.my.cnf should be readable ONLY
+-# for root !
 +# log-error=@LOG_LOCATION@
- #
- # If the root user has a password you have to create a
- # /root/.my.cnf configuration file with the following
-@@ -18,19 +18,21 @@
- # ATTENTION: This /root/.my.cnf should be readable ONLY
- # for root !
  
 -@localstatedir@/mysqld.log {
 -        # create 600 mysql mysql
--        notifempty
--	daily
--        rotate 3
--        missingok
--        compress
--    postrotate
--	# just if mysqld is really running
++@LOG_LOCATION@ {
++        create 600 mysql mysql
+         notifempty
+         daily
+         rotate 3
+@@ -27,11 +14,9 @@
+         compress
+     postrotate
+ 	# just if mysqld is really running
 -	if test -x @bindir@/mysqladmin && \
 -	   @bindir@/mysqladmin ping &>/dev/null
 -	then
--	   @bindir@/mysqladmin flush-logs
+-	   @bindir@/mysqladmin --local flush-error-log \
+-              flush-engine-log flush-general-log flush-slow-log
 -	fi
--    endscript
--}
-+# Then, un-comment the following lines to enable rotation of mysql's log file:
-+
-+#@LOG_LOCATION@ {
-+#        create 640 mysql mysql
-+#        notifempty
-+#	daily
-+#        rotate 3
-+#        missingok
-+#        compress
-+#    postrotate
-+#	# just if mysqld is really running
-+#	if test -x @bindir@/mysqladmin && \
-+#	   @bindir@/mysqladmin ping &>/dev/null
-+#	then
-+#	   @bindir@/mysqladmin flush-logs
-+#	fi
-+#    endscript
-+#}
++        if [ -e @PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid ]
++        then
++           kill -1 $(<@PID_FILE_DIR@/@DAEMON_NO_PREFIX@.pid)
++        fi
+     endscript
+ }

SOURCES/mariadb-pythonver.patch

@@ -0,0 +1,27 @@
+Upstream PR: https://github.com/MariaDB/server/pull/1081
+
+From d2cbf56d36e422802aa7e53ec0f4e6be8fd53cf5 Mon Sep 17 00:00:00 2001
+From: Honza Horak <hhorak@redhat.com>
+Date: Wed, 9 Jan 2019 20:17:29 +0100
+Subject: [PATCH] Make the PYTHON_SHEBANG value configurable
+
+In Fedora 30 it is required to specify either /usr/bin/python2 or /usr/bin/python3 in the shebang, so we need a way to say explicit shebang, ideally in the cmake call.
+---
+ CMakeLists.txt | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index a139c9e5fa4..ccccb08bef1 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -342,7 +342,9 @@ MYSQL_CHECK_SSL()
+ MYSQL_CHECK_READLINE()
+ 
+ SET(MALLOC_LIBRARY "system")
+-SET(PYTHON_SHEBANG "/usr/bin/env python" CACHE STRING "python shebang")
++IF(NOT DEFINED PYTHON_SHEBANG)
++  SET(PYTHON_SHEBANG "/usr/bin/env python")
++ENDIF()
+ MARK_AS_ADVANCED(PYTHON_SHEBANG)
+ 
+ CHECK_PCRE()

SOURCES/mariadb-scripts.patch

@@ -1,6 +1,9 @@
---- mariadb-10.1.11.orig/scripts/CMakeLists.txt	2016-01-28 13:12:51.000000000 +0100
-+++ mariadb-10.1.11/scripts/CMakeLists.txt	2016-02-03 12:46:26.306109293 +0100
-@@ -320,6 +320,34 @@ ELSE()
+We have some downstream patches and other scripts that include variables to
+be expanded by cmake. Cmake needs to know about them, so adding them manually.
+
+--- mariadb-10.3.8/scripts/CMakeLists.txt	2018-07-02 09:34:11.000000000 +0200
++++ mariadb-10.3.8/scripts/CMakeLists.txt_patched	2018-07-03 10:58:15.954670153 +0200
+@@ -361,6 +361,34 @@ ELSE()
        COMPONENT ${${file}_COMPONENT}
       )
    ENDFOREACH()
@@ -11,13 +14,12 @@
 +    mysql.service
 +    mysql@.service
 +    mysql-prepare-db-dir
-+    mysql-wait-ready
-+    mysql-wait-stop
 +    mysql-check-socket
 +    mysql-check-upgrade
 +    mysql-scripts-common
 +    mysql_config_multilib
-+    mysql.init
++    clustercheck
++    galera_new_cluster
 +    my.cnf
 +  )
 +  FOREACH(file ${SYSTEMD_SCRIPTS})
@@ -32,6 +34,7 @@
 +        "${CMAKE_CURRENT_SOURCE_DIR}" )
 +    ENDIF()
 +  ENDFOREACH()
++
  ENDIF()
  
- # Configure two scripts from one 'in' file.
+ # Install libgcc as  mylibgcc.a

SOURCES/mariadb-ssl-cipher-tests.patch

@@ -0,0 +1,52 @@
+diff -up mariadb-10.3.9/mysql-test/main/ssl_cipher.test.fixtest mariadb-10.3.9/mysql-test/main/ssl_cipher.test
+--- mariadb-10.3.9/mysql-test/main/ssl_cipher.test.fixtest	2019-01-27 19:39:19.610027153 +0100
++++ mariadb-10.3.9/mysql-test/main/ssl_cipher.test	2019-01-27 19:42:10.045430776 +0100
+@@ -13,7 +13,9 @@
+ connect (ssl_con,localhost,root,,,,,SSL);
+ 
+ # Check Cipher Name and Cipher List
++--replace_regex /TLS_AES_.*/AES128-SHA/
+ SHOW STATUS LIKE 'Ssl_cipher';
++--replace_regex /TLS_AES_.*/AES128-SHA/
+ SHOW STATUS LIKE 'Ssl_cipher_list';
+ 
+ connection default;
+diff -up mariadb-10.3.9/mysql-test/main/ssl.result.fixtestssl mariadb-10.3.9/mysql-test/main/ssl.result
+--- mariadb-10.3.9/mysql-test/main/ssl.result.fixtestssl	2019-01-27 20:41:52.605213547 +0100
++++ mariadb-10.3.9/mysql-test/main/ssl.result	2019-01-27 20:42:03.977320005 +0100
+@@ -2176,7 +2176,7 @@ still connected?
+ connection default;
+ disconnect ssl_con;
+ create user mysqltest_1@localhost;
+-grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA";
++grant usage on mysqltest.* to mysqltest_1@localhost require cipher "TLS_AES_256_GCM_SHA384";
+ Variable_name	Value
+-Ssl_cipher	AES256-SHA
++Ssl_cipher	TLS_AES_256_GCM_SHA384
+ drop user mysqltest_1@localhost;
+diff -up mariadb-10.3.9/mysql-test/main/ssl.test.fixtestssl mariadb-10.3.9/mysql-test/main/ssl.test
+--- mariadb-10.3.9/mysql-test/main/ssl.test.fixtestssl	2019-01-27 20:40:39.756531579 +0100
++++ mariadb-10.3.9/mysql-test/main/ssl.test	2019-01-27 20:41:02.631745724 +0100
+@@ -33,8 +33,8 @@ connection default;
+ disconnect ssl_con;
+ 
+ create user mysqltest_1@localhost;
+-grant usage on mysqltest.* to mysqltest_1@localhost require cipher "AES256-SHA";
+---exec $MYSQL -umysqltest_1 --ssl-cipher=AES256-SHA -e "show status like 'ssl_cipher'" 2>&1
++grant usage on mysqltest.* to mysqltest_1@localhost require cipher "TLS_AES_256_GCM_SHA384";
++--exec $MYSQL -umysqltest_1 --ssl-cipher=TLS_AES_256_GCM_SHA384 -e "show status like 'ssl_cipher'" 2>&1
+ drop user mysqltest_1@localhost;
+ 
+ # Wait till all disconnects are completed
+diff -up mariadb-10.3.9/mysql-test/main/ssl_cert_verify.test.fixcerttest mariadb-10.3.9/mysql-test/main/ssl_cert_verify.test
+--- mariadb-10.3.9/mysql-test/main/ssl_cert_verify.test.fixcerttest	2019-01-27 21:11:12.280726041 +0100
++++ mariadb-10.3.9/mysql-test/main/ssl_cert_verify.test	2019-01-27 21:10:01.034041434 +0100
+@@ -30,7 +30,7 @@ let $ssl_verify_pass_path = --ssl --ssl-
+ --enable_reconnect
+ --source include/wait_until_connected_again.inc
+ 
+---replace_result TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION
++--replace_result TLSv1.3 TLS_VERSION TLSv1.2 TLS_VERSION TLSv1.1 TLS_VERSION TLSv1 TLS_VERSION
+ --exec $MYSQL --protocol=tcp --ssl-ca=$MYSQL_TEST_DIR/std_data/ca-cert-verify.pem --ssl-verify-server-cert -e "SHOW STATUS like 'Ssl_version'"
+ 
+ --echo # restart server using restart

SOURCES/mysql-check-socket.sh

@@ -25,10 +25,10 @@ if test -e "$socketfile" ; then
     fi
 
     # some process uses the socket file
-    if fuser "$socketfile" &>/dev/null ; then
-        socketpid=$(fuser "$socketfile" 2>/dev/null)
+    response=`@bindir@/mysqladmin --no-defaults --socket="$socketfile" --user=UNKNOWN_MYSQL_USER --connect-timeout="${CHECKSOCKETTIMEOUT:-10}" ping 2>&1`
+    if [ $? -eq 0 ] || echo "$response" | grep -q "Access denied for user" ; then
         echo "Is another MySQL daemon already running with the same unix socket?" >&2
-        echo "Please, stop the process $socketpid or remove $socketfile manually to start the service." >&2
+        echo "Please, stop the process using the socket $socketfile or remove the file manually to start the service." >&2
         exit 1
     fi
 

SOURCES/mysql-prepare-db-dir.sh

@@ -5,6 +5,29 @@
 
 source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common"
 
+export LC_ALL=C
+
+# Returns content of the specified directory
+# If listing files fails, fake-file is returned so which means
+# we'll behave like there was some data initialized
+# Some files or directories are fine to be there, so those are
+# explicitly removed from the listing
+# @param <dir> datadir
+list_datadir ()
+{
+    ( ls -1A "$1" 2>/dev/null || echo "fake-file" ) | grep -v \
+    -e '^lost+found$' \
+    -e '\.err$' \
+    -e '^.bash_history$'
+}
+
+# Checks whether datadir should be initialized
+# @param <dir> datadir
+should_initialize ()
+{
+    test -z "$(list_datadir "$1")"
+}
+
 # If two args given first is user, second is group
 # otherwise the arg is the systemd service file
 if [ "$#" -eq 2 ]
@@ -36,27 +59,26 @@ else
 fi
 
 # Set up the errlogfile with appropriate permissions
-touch "$errlogfile"
-ret=$?
-# Provide some advice if the log file cannot be touched
-if [ $ret -ne 0 ] ; then
-    errlogdir=$(dirname $errlogfile)
+if [ ! -e "$errlogfile" -a ! -h "$errlogfile" -a x$(dirname "$errlogfile") = "x/var/log" ]; then
+    case $(basename "$errlogfile") in
+        mysql*.log|mariadb*.log) install /dev/null -m0640 -o$myuser -g$mygroup "$errlogfile" ;;
+        *) ;;
+    esac
+else
+    # Provide some advice if the log file cannot be created by this script
+    errlogdir=$(dirname "$errlogfile")
     if ! [ -d "$errlogdir" ] ; then
-        echo "The directory $errlogdir does not exist."
-    elif [ -f "$errlogfile" ] ; then
-        echo "The log file $errlogfile cannot be touched, please, fix its permissions."
-    else
-        echo "The log file $errlogfile could not be created."
+        echo "The directory $errlogdir does not exist." >&2
+        exit 1
+    elif [ -e "$errlogfile" -a ! -w "$errlogfile" ] ; then
+        echo "The log file $errlogfile cannot be written, please, fix its permissions." >&2
+        echo "The daemon will be run under $myuser:$mygroup" >&2
+        exit 1
     fi
-    echo "The daemon will be run under $myuser:$mygroup"
-    exit 1
 fi
-chown "$myuser:$mygroup" "$errlogfile"
-chmod 0640 "$errlogfile"
-[ -x /sbin/restorecon ] && /sbin/restorecon "$errlogfile"
 
-# Make the data directory
-if [ ! -d "$datadir/mysql" ] ; then
+# Make the data directory if doesn't exist or empty
+if should_initialize "$datadir" ; then
     # First, make sure $datadir is there with correct permissions
     # (note: if it's not, and we're not root, this'll fail ...)
     if [ ! -e "$datadir" -a ! -h "$datadir" ]
@@ -68,22 +90,48 @@ if [ ! -d "$datadir/mysql" ] ; then
     [ -x /sbin/restorecon ] && /sbin/restorecon "$datadir"
 
     # Now create the database
-    echo "Initializing @NICE_PROJECT_NAME@ database"
-    @bindir@/mysql_install_db --rpm --datadir="$datadir" --user="$myuser"
+    echo "Initializing @NICE_PROJECT_NAME@ database" >&2
+    # Avoiding deletion of files not created by mysql_install_db is
+    # guarded by time check and sleep should help work-arounded
+    # potential issues on systems with 1 second resolution timestamps
+    # https://bugzilla.redhat.com/show_bug.cgi?id=1335849#c19
+    INITDB_TIMESTAMP=`LANG=C date -u`
+    sleep 1
+    @bindir@/mysql_install_db --rpm --datadir="$datadir" --user="$myuser" --skip-test-db >&2
     ret=$?
     if [ $ret -ne 0 ] ; then
         echo "Initialization of @NICE_PROJECT_NAME@ database failed." >&2
-        echo "Perhaps @sysconfdir@/my.cnf is misconfigured." >&2
+        echo "Perhaps @sysconfdir@/my.cnf is misconfigured or there is some problem with permissions of $datadir." >&2
         # Clean up any partially-created database files
-        if [ ! -e "$datadir/mysql/user.frm" ] ; then
-            rm -rf "$datadir"/*
+        if [ ! -e "$datadir/mysql/user.frm" ] && [ -d "$datadir" ] ; then
+            echo "Initialization of @NICE_PROJECT_NAME@ database was not finished successfully." >&2
+            echo "Files created so far will be removed." >&2
+            find "$datadir" -mindepth 1 -maxdepth 1 -newermt "$INITDB_TIMESTAMP" \
+                 -not -name "lost+found" -exec rm -rf {} +
+            if [ $? -ne 0 ] ; then
+                echo "Removing of created files was not successfull." >&2
+                echo "Please, clean directory $datadir manually." >&2
+            fi
+        else
+            echo "However, part of data has been initialized and those will not be removed." >&2
+            echo "Please, clean directory $datadir manually." >&2
         fi
         exit $ret
     fi
     # upgrade does not need to be run on a fresh datadir
     echo "@VERSION@-MariaDB" >"$datadir/mysql_upgrade_info"
-    # In case we're running as root, make sure files are owned properly
-    chown -R "$myuser:$mygroup" "$datadir"
+else
+    if [ -d "$datadir/mysql/" ] ; then
+        # mysql dir exists, it seems data are initialized properly
+        echo "Database @NICE_PROJECT_NAME@ is probably initialized in $datadir already, nothing is done."
+        echo "If this is not the case, make sure the $datadir is empty before running `basename $0`."
+    else
+        # if the directory is not empty but mysql/ directory is missing, then
+        # print error and let user to initialize manually or empty the directory
+        echo "Database @NICE_PROJECT_NAME@ is not initialized, but the directory $datadir is not empty, so initialization cannot be done." >&2
+        echo "Make sure the $datadir is empty before running `basename $0`." >&2
+        exit 1
+    fi
 fi
 
 exit 0

SOURCES/mysql-scripts-common.sh

@@ -18,13 +18,23 @@ get_mysql_option(){
 	sections="$1"
 	option_name="$2"
 	default_value="$3"
-	result=`@bindir@/my_print_defaults $sections | sed -n "s/^--${option_name}=//p" | tail -n 1`
+	result=`@bindir@/my_print_defaults $my_print_defaults_extra_args $sections | sed -n "s/^--${option_name}=//p" | tail -n 1`
 	if [ -z "$result" ]; then
 	    # not found, use default
 	    result="${default_value}"
 	fi
 }
 
+# For the case of running more instances via systemd, scrits that source
+# this file can get --default-group-suffix or similar option as the first
+# argument. The utility my_print_defaults needs to use it as well, so the
+# scripts sourcing this file work with the same options as the daemon.
+my_print_defaults_extra_args=''
+while echo "$1" | grep -q '^--defaults' ; do
+	my_print_defaults_extra_args="${my_print_defaults_extra_args} $1"
+	shift
+done
+
 # Defaults here had better match what mysqld_safe will default to
 # The option values are generally defined on three important places
 # on the default installation:
@@ -47,12 +57,12 @@ datadir="$result"
 # returns log-error
 # log-error might be defined in mysqld_safe and mysqld sections,
 # the former has bigger priority
-get_mysql_option "$server_sections" log-error "$datadir/`hostname`.err"
+get_mysql_option "$server_sections" log-error "$datadir/`uname -n`.err"
 errlogfile="$result"
 
 get_mysql_option "$server_sections" socket "@MYSQL_UNIX_ADDR@"
 socketfile="$result"
 
-get_mysql_option "$server_sections" pid-file "$datadir/`hostname`.pid"
+get_mysql_option "$server_sections" pid-file "$datadir/`uname -n`.pid"
 pidfile="$result"
 

SOURCES/mysql.service.in

@@ -26,22 +26,28 @@
 
 [Unit]
 Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server
-After=syslog.target
+Documentation=man:mysqld(8)
+Documentation=https://mariadb.com/kb/en/library/systemd/
 After=network.target
 
+[Install]
+WantedBy=multi-user.target
+Alias=mysql.service
+Alias=mysqld.service
+
 [Service]
 Type=notify
 User=mysql
 Group=mysql
 
 ExecStartPre=@libexecdir@/mysql-check-socket
+# '%n' expands to 'Full unit name'; man systemd.unit
 ExecStartPre=@libexecdir@/mysql-prepare-db-dir %n
 # MYSQLD_OPTS here is for users to set in /etc/systemd/system/@DAEMON_NAME@@.service.d/MY_SPECIAL.conf
 # Note: we set --basedir to prevent probes that might trigger SELinux alarms,
 # per bug #547485
 ExecStart=@libexecdir@/mysqld --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
 ExecStartPost=@libexecdir@/mysql-check-upgrade
-ExecStopPost=@libexecdir@/mysql-wait-stop
 
 # Setting this to true can break replication and the Type=notify settings
 # See also bind-address mysqld option.
@@ -65,6 +71,3 @@ TimeoutSec=300
 
 # Place temp files in a secure directory, not /tmp
 PrivateTmp=true
-
-[Install]
-WantedBy=multi-user.target

SOURCES/mysql@.service.in

@@ -33,22 +33,27 @@
 
 [Unit]
 Description=@NICE_PROJECT_NAME@ @MAJOR_VERSION@.@MINOR_VERSION@ database server
-After=syslog.target
+Documentation=man:mysqld(8)
+Documentation=https://mariadb.com/kb/en/library/systemd/
 After=network.target
 
+[Install]
+WantedBy=multi-user.target
+Alias=mysql.service
+Alias=mysqld.service
+
 [Service]
 Type=notify
 User=mysql
 Group=mysql
 
-ExecStartPre=@libexecdir@/mysql-check-socket
-ExecStartPre=@libexecdir@/mysql-prepare-db-dir %n
+ExecStartPre=@libexecdir@/mysql-check-socket --defaults-group-suffix=.%I
+ExecStartPre=@libexecdir@/mysql-prepare-db-dir --defaults-group-suffix=.%I %n
 # MYSQLD_OPTS here is for users to set in /etc/systemd/system/@DAEMON_NAME@@.service.d/MY_SPECIAL.conf
 # Note: we set --basedir to prevent probes that might trigger SELinux alarms,
 # per bug #547485
 ExecStart=@libexecdir@/mysqld --defaults-group-suffix=.%I --basedir=@prefix@ $MYSQLD_OPTS $_WSREP_NEW_CLUSTER
-ExecStartPost=@libexecdir@/mysql-check-upgrade
-ExecStopPost=@libexecdir@/mysql-wait-stop
+ExecStartPost=@libexecdir@/mysql-check-upgrade --defaults-group-suffix=.%I
 
 # Setting this to true can break replication and the Type=notify settings
 # See also bind-address mysqld option.
@@ -72,6 +77,3 @@ TimeoutSec=300
 
 # Place temp files in a secure directory, not /tmp
 PrivateTmp=true
-
-[Install]
-WantedBy=multi-user.target

SOURCES/rh-skipped-tests-arm.list

@@ -1,12 +1,37 @@
+# Fails since 10.3.8, only on armv7hl
+versioning.auto_increment :
+versioning.commit_id :
+versioning.delete :
+versioning.foreign :
+versioning.insert :
+versioning.insert2 :
+versioning.select2 :
+versioning.update :
 
-connect.bin                 : rhbz#1096787 (pass on aarch64)
-connect.endian              : rhbz#1096787
-
-main.partition_exchange             : rhbz#1096787
-main.analyze_stmt_orderby           : rhbz#1096787
-main.explain_json_innodb            : rhbz#1096787
-main.explain_json_format_partitions : rhbz#1096787
-main.analyze_format_json            : rhbz#1096787
-main.explain_json                   : rhbz#1096787
-main.subselect_cache                : rhbz#1096787
-main.type_year                      : rhbz#1096787
+# Fails since 10.3.8, on both armv7hl and aarch64
+mariabackup.system_versioning :
+
+# Fails since 10.3.9, on both armv7hl and aarch64
+disks.disks :
+encryption.create_or_replace :
+federated.federatedx_versioning :
+
+# Fails since 10.3.9, only on armv7hl
+versioning.alter :
+versioning.replace :
+versioning.select :
+versioning.truncate :
+versioning.trx_id :
+
+# Fails since 10.3.9, only on aarch64
+innodb_gis.kill_server :
+innodb_gis.rtree_search :
+innodb.innodb_defrag_concurrent :
+parts.partition_alter1_1_2_innodb :
+parts.partition_alter1_2_innodb :
+parts.partition_alter2_1_1_innodb :
+parts.partition_alter2_1_2_innodb :
+parts.partition_alter2_2_1_innodb :
+parts.partition_alter2_2_2_innodb :
+parts.partition_basic_innodb :
+parts.part_supported_sql_func_innodb :

SOURCES/rh-skipped-tests-base.list

@@ -1,14 +1,63 @@
-# These tests fail with MariaDB 10:
-
-main.userstat                                   : rhbz#1096787
-main.set_statement_notembedded_binlog           : rhbz#1096787
-main.ssl_7937                                   : rhbz#1096787
-main.ssl_crl_clients                            : rhbz#1096787
-main.openssl_1                                  : rhbz#1096787
-main.ssl                                        : rhbz#1096787
-main.ssl_8k_key                                 : rhbz#1096787
-main.ssl_compress                               : rhbz#1096787
-main.ssl_timeout                                : rhbz#1096787
-perfschema.nesting                              : rhbz#1096787
-perfschema.socket_summary_by_event_name_func    : rhbz#1096787
-perfschema.socket_summary_by_instance_func      : rhbz#1096787
+# The SSL test are failing correctly. Fro more explanation, see:
+# https://jira.mariadb.org/browse/MDEV-8404?focusedCommentId=84275&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-84275
+main.ssl_7937                                : #1399847
+main.ssl_crl_clients                         : #1399847
+main.ssl_8k_key                              :
+
+# 
+perfschema.nesting                           : #1399847
+perfschema.socket_summary_by_instance_func   : #1399847
+perfschema.socket_summary_by_event_name_func :
+
+# ------------------------------
+# Tests that fails because of 'Self Signed Certificate in the Certificate Chain'
+perfschema.cnf_option                        :
+
+rpl.rpl_row_img_blobs                        :
+rpl.rpl_row_img_eng_min                      :
+rpl.rpl_row_img_eng_noblob                   :
+
+sys_vars.slave_parallel_threads_basic        :
+
+# ------------------------------
+# Fails since 10.1.12
+innodb.innodb_defrag_binlog                  :
+
+# on x86_64 after 10.2.12 and 10.2.13 after some unidentified change in Rawhide buildroot
+mroonga/storage.index_multiple_column_range_all_used_less_than                               :
+mroonga/storage.index_multiple_column_range_all_used_less_than_or_equal                      :
+mroonga/storage.index_multiple_column_range_partially_used_have_prefix_less_than             :
+mroonga/storage.index_multiple_column_range_partially_used_have_prefix_less_than_or_equal    :
+mroonga/storage.index_multiple_column_range_partially_used_no_prefix_less_than               :
+mroonga/storage.index_multiple_column_range_partially_used_no_prefix_less_than_or_equal      :
+mroonga/storage.optimization_order_limit_optimized_datetime_less_than                        :
+mroonga/storage.optimization_order_limit_optimized_datetime_less_than_or_equal               :
+
+# Fails everywhere since 10.2.15
+main.userstat				     :
+
+# Fails on x86_64 since 10.2.15
+rocksdb.bulk_load_errors                     :
+rocksdb.index_merge_rocksdb                  :
+rocksdb.index_merge_rocksdb2                 :
+rocksdb.read_only_tx                         :
+rocksdb_rpl.mdev12179                        :
+rocksdb.shutdown                             :
+rocksdb.2pc_group_commit                     :
+
+# Fails on ppc and arm since 10.2.15
+innodb_gis.rtree_compress2                   :
+parts.partition_alter4_innodb                :
+
+# Fails from 10.3.9
+encryption.innodb-redo-badkey                :
+
+# Expected: Plugin building disabled in server
+plugins.auth_ed25519                         :
+
+# Fails from 10.4.10
+sys_vars.tcp_nodelay                         :
+# only on i686
+main.key_cache                               :
+parts.optimizer                              :
+main.opt_trace_index_merge                   :

SOURCES/rh-skipped-tests-ppc.list

@@ -0,0 +1,21 @@
+# 10.2.12 & 10.2.13 after some uninedtified Rawhide (and the forked f28) buildroot change
+# failed: 1045: Access denied for user '.....'@'localhost' (using password: YES)
+innodb.temporary_table_optimization :
+
+main.derived_cond_pushdown :
+main.ps :
+
+# From 10.3.9 on ppc64le
+encryption.create_or_replace :
+main.select :
+main.select_jcl6 :
+main.select_pkeycache :
+main.sp :
+main.type_float :
+main.type_newdecimal :
+main.type_ranges :
+
+# 10.3.10
+parts.partition_alter1_2_innodb :
+parts.partition_alter1_1_2_innodb :
+innodb.innodb_defrag_concurrent :

SOURCES/rh-skipped-tests-s390.list

@@ -0,0 +1,9 @@
+# Fails since 10.2.15
+disks.disks :
+
+# Fails since 10.3.9
+binlog.binlog_flush_binlogs_delete_domain :
+handler.heap :
+handler.interface :
+innodb_fts.innodb_fts_misc :
+rpl.rpl_gtid_delete_domain :