From 6b5e134a251a29657bda578a6c7a6c1725f400c8512cc6cc71cd03c38086fa85 Mon Sep 17 00:00:00 2001
From: Danilo Spinella <danilo.spinella@suse.com>
Date: Mon, 15 Nov 2021 09:01:42 +0000
Subject: [PATCH 1/4] Accepting request 931186 from home:gmbr3:Active

- Add CONFIG parameter to %sysusers_generate_pre

OBS-URL: https://build.opensuse.org/request/show/931186
OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=284
---
 mariadb.changes | 5 +++++
 mariadb.spec    | 3 +--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/mariadb.changes b/mariadb.changes
index 8aed92f..f9598e2 100644
--- a/mariadb.changes
+++ b/mariadb.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Nov 12 21:44:03 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
+
+- Add CONFIG parameter to %sysusers_generate_pre
+
 -------------------------------------------------------------------
 Tue Nov  9 08:34:26 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
 
diff --git a/mariadb.spec b/mariadb.spec
index 819b418..35e6723 100644
--- a/mariadb.spec
+++ b/mariadb.spec
@@ -113,7 +113,6 @@ BuildRequires:  procps
 # Some tests and myrocks_hotbackup script need python3
 BuildRequires:  python3
 BuildRequires:  sqlite
-BuildRequires:  sysuser-shadow
 BuildRequires:  sysuser-tools
 BuildRequires:  tcpd-devel
 # Tests requires time and ps and some perl modules
@@ -474,7 +473,7 @@ export CXXFLAGS="$CFLAGS -felide-constructors"
 %make_build
 nm --numeric-sort sql/mysqld > sql/mysqld.sym
 cd ..
-%sysusers_generate_pre %{SOURCE12} mysql
+%sysusers_generate_pre %{SOURCE12} mysql mysql-user.conf
 
 %install
 # Helper function to generate filelist for binaries and their manpages

From fe2661729b438e78f64aed5da82e304bb8681ac9d6649f098af3db858ac08657 Mon Sep 17 00:00:00 2001
From: Danilo Spinella <danilo.spinella@suse.com>
Date: Mon, 15 Nov 2021 15:33:48 +0000
Subject: [PATCH 2/4] Accepting request 931583 from
 home:dspinella:branches:server:database

- Revert systemd hardening
  * Remove harden_mariadb.service.patch

OBS-URL: https://build.opensuse.org/request/show/931583
OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=285
---
 harden_mariadb.service.patch | 21 ---------------------
 mariadb.changes              |  6 ++++++
 mariadb.service.in           | 11 -----------
 mariadb.spec                 |  2 --
 4 files changed, 6 insertions(+), 34 deletions(-)
 delete mode 100644 harden_mariadb.service.patch

diff --git a/harden_mariadb.service.patch b/harden_mariadb.service.patch
deleted file mode 100644
index dbe7d1a..0000000
--- a/harden_mariadb.service.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Index: mariadb-10.6.4/support-files/mariadb.service.in
-===================================================================
---- mariadb-10.6.4.orig/support-files/mariadb.service.in
-+++ mariadb-10.6.4/support-files/mariadb.service.in
-@@ -29,6 +29,16 @@ WantedBy=multi-user.target
- 
- 
- [Service]
-+# added automatically, for details please see
-+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
-+ProtectHostname=true
-+ProtectClock=true
-+ProtectKernelTunables=true
-+ProtectKernelModules=true
-+ProtectKernelLogs=true
-+ProtectControlGroups=true
-+RestrictRealtime=true
-+# end of automatic additions 
- 
- ##############################################################################
- ## Core requirements
diff --git a/mariadb.changes b/mariadb.changes
index f9598e2..fc2f092 100644
--- a/mariadb.changes
+++ b/mariadb.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Nov 15 11:02:55 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Revert systemd hardening
+  * Remove harden_mariadb.service.patch
+
 -------------------------------------------------------------------
 Fri Nov 12 21:44:03 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
 
diff --git a/mariadb.service.in b/mariadb.service.in
index 21d4d8e..993c6d3 100644
--- a/mariadb.service.in
+++ b/mariadb.service.in
@@ -63,17 +63,6 @@ ProtectSystem=full
 
 # Prevent accessing /home, /root and /run/user
 ProtectHome=true
-# added automatically, for details please see
-# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
-PrivateDevices=true
-ProtectHostname=true
-ProtectClock=true
-ProtectKernelTunables=true
-ProtectKernelModules=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-RestrictRealtime=true
-# end of automatic additions 
 
 # Execute pre and post scripts as root, otherwise it does it as User=
 PermissionsStartOnly=true
diff --git a/mariadb.spec b/mariadb.spec
index 35e6723..718c401 100644
--- a/mariadb.spec
+++ b/mariadb.spec
@@ -78,7 +78,6 @@ Patch3:         mariadb-10.0.15-logrotate-su.patch
 Patch4:         mariadb-10.2.4-fortify-and-O.patch
 Patch6:         mariadb-10.4.12-harden_setuid.patch
 Patch7:         mariadb-10.4.12-fix-install-db.patch
-Patch8:	harden_mariadb.service.patch
 Patch9:         func_math_tests_MDEV-26645.diff
 Patch10:        fix-pamdir.patch
 # needed for bison SQL parser and wsrep API
@@ -364,7 +363,6 @@ find . -name "*.jar" -type f -exec rm --verbose -f {} \;
 %patch4
 %patch6 -p1
 %patch7 -p1
-%patch8 -p1
 %if 0%{?suse_version} > 1500
 %ifarch s390x ppc64 ppc64le
 %patch9

From d51fc69c0dac4caca2970400c84f39f3643f7d79c9a7f27828dda7846384d6ce Mon Sep 17 00:00:00 2001
From: Danilo Spinella <danilo.spinella@suse.com>
Date: Mon, 15 Nov 2021 17:02:58 +0000
Subject: [PATCH 3/4] Accepting request 931601 from
 home:dspinella:branches:server:database

- Enable LZ4 compression for INNODB and ROCKSDB, fixes bsc#1186031

OBS-URL: https://build.opensuse.org/request/show/931601
OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=286
---
 mariadb.changes | 5 +++++
 mariadb.spec    | 1 +
 2 files changed, 6 insertions(+)

diff --git a/mariadb.changes b/mariadb.changes
index fc2f092..45adac3 100644
--- a/mariadb.changes
+++ b/mariadb.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Nov 15 16:59:26 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Enable LZ4 compression for INNODB and ROCKSDB, fixes bsc#1186031
+
 -------------------------------------------------------------------
 Mon Nov 15 11:02:55 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
 
diff --git a/mariadb.spec b/mariadb.spec
index 718c401..29d50fa 100644
--- a/mariadb.spec
+++ b/mariadb.spec
@@ -86,6 +86,7 @@ BuildRequires:  cmake
 BuildRequires:  dos2unix
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
+BuildRequires:  liblz4-devel
 # GSSAPI
 BuildRequires:  krb5-devel
 # embedded server libmariadbd

From 4b6b44299b5fa5c30cdcb13a99d7b97b9a51317dd274f9b10169a4a2005f04c4 Mon Sep 17 00:00:00 2001
From: Danilo Spinella <danilo.spinella@suse.com>
Date: Wed, 17 Nov 2021 13:46:57 +0000
Subject: [PATCH 4/4] Accepting request 931962 from
 home:dspinella:branches:server:database

- Fix rpmlint errors
- Run spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/931962
OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=287
---
 mariadb.changes |  6 ++++++
 mariadb.spec    | 14 +++++++-------
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/mariadb.changes b/mariadb.changes
index 45adac3..83a4324 100644
--- a/mariadb.changes
+++ b/mariadb.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Nov 16 13:28:35 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Fix rpmlint errors
+- Run spec-cleaner
+
 -------------------------------------------------------------------
 Mon Nov 15 16:59:26 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>
 
diff --git a/mariadb.spec b/mariadb.spec
index 29d50fa..654aa6c 100644
--- a/mariadb.spec
+++ b/mariadb.spec
@@ -86,7 +86,6 @@ BuildRequires:  cmake
 BuildRequires:  dos2unix
 BuildRequires:  fdupes
 BuildRequires:  gcc-c++
-BuildRequires:  liblz4-devel
 # GSSAPI
 BuildRequires:  krb5-devel
 # embedded server libmariadbd
@@ -97,6 +96,7 @@ BuildRequires:  libbz2-devel
 # commands history feature
 BuildRequires:  libedit-devel
 BuildRequires:  libevent-devel
+BuildRequires:  liblz4-devel
 BuildRequires:  libtool
 BuildRequires:  libxml2-devel
 # CLI graphic and wsrep API
@@ -394,8 +394,8 @@ sed -i 's|@localstatedir@|%{_localstatedir}/log|' support-files/mysql-log-rotate
 rm -f mysql-test/t/file_contents.test mysql-test/r/file_contents.result
 
 # Specify perl path on shebangs
-for i in `grep -Rl '^#!@PERL@$' .`; do
-	sed -i 's|@PERL@|%{_bindir}/perl|' $i
+for i in `grep -Rl '^#!%{_bindir}/env perl$' .`; do
+	sed -i 's|%{_bindir}/env perl|%{_bindir}/perl|' $i
 done
 
 # Add our list of tests that fail (correctly or temporarily) to the list of such
@@ -768,10 +768,10 @@ cd mysql-test
 # client does not require server and needs the user too
 %pre client -f mysql.pre
 %pre
-%service_add_pre mariadb.service
+%service_add_pre mariadb.service mariadb.socket mariadb-extra.socket mariadb.target
 
 %post
-%service_add_post mariadb.service
+%service_add_post mariadb.service mariadb@.service mariadb.socket mariadb-extra.socket mariadb.target
 %tmpfiles_create %{_tmpfilesdir}/mariadb.conf
 
 %set_permissions %{_libdir}/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
@@ -844,10 +844,10 @@ exit 0
 %verify_permissions %{_libdir}/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
 
 %preun
-%service_del_preun mariadb.service
+%service_del_preun mariadb.service mariadb.socket mariadb-extra.socket mariadb.target
 
 %postun
-%service_del_postun mariadb.service
+%service_del_postun mariadb.service mariadb.socket mariadb-extra.socket mariadb.target
 
 %post -n libmariadbd%{soname} -p /sbin/ldconfig
 %postun -n libmariadbd%{soname} -p /sbin/ldconfig