Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8762

file_key_management plugin should be disabled by default when linked statically

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Won't Fix
    • Affects Version/s: 10.1
    • Fix Version/s: N/A
    • Component/s: Encryption, Plugins
    • Labels:
      None
    • Sprint:
      10.1.8-4

      Description

      When file_key_management plugin is linked statically, it is enabled by default, which of course causes ugly (even though non-fatal) errors on bootstrap and server startup, because the plugin is not configured.
      It should either be disallowed to link it statically at all, or it should be disabled by default, something similar to feedback plugin

      diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc
      index 6d8268e..1d2e2d8 100644
      --- a/sql/sql_plugin.cc
      +++ b/sql/sql_plugin.cc
      @@ -211,6 +211,7 @@
       
         /* we disable few other plugins by default */
         ,{ "feedback", PLUGIN_OFF }
      +  ,{ "file_key_management", PLUGIN_OFF }
       };
       
       /* support for Services */
      

        Gliffy Diagrams

          Attachments

            Activity

            Hide
            jplindst Jan Lindström added a comment -

            What bad exactly could happen now that innodb-encrypt-tables=OFF by default and if I correctly understand all the rest encryption configuration variables are also OFF by default ?

            Show
            jplindst Jan Lindström added a comment - What bad exactly could happen now that innodb-encrypt-tables=OFF by default and if I correctly understand all the rest encryption configuration variables are also OFF by default ?
            Hide
            elenst Elena Stepanova added a comment -

            The problem is that the file_key_management plugin requires a mandatory option (key file), and if it's not there, it causes a set of errors. It's one thing when a user enabled plugin explicitly but did not configure it properly, and quite another when they had nothing to do with the plugin and it just started throwing scary messages.

            2015-09-30 12:58:52 140256084612960 [ERROR] mysqld: File '' not found (Errcode: 2 "No such file or directory")
            2015-09-30 12:58:52 140256084612960 [ERROR] Plugin 'file_key_management' init function returned error.
            2015-09-30 12:58:52 140256084612960 [ERROR] Plugin 'file_key_management' registration as a ENCRYPTION failed.
            
            Show
            elenst Elena Stepanova added a comment - The problem is that the file_key_management plugin requires a mandatory option (key file), and if it's not there, it causes a set of errors. It's one thing when a user enabled plugin explicitly but did not configure it properly, and quite another when they had nothing to do with the plugin and it just started throwing scary messages. 2015-09-30 12:58:52 140256084612960 [ERROR] mysqld: File '' not found (Errcode: 2 "No such file or directory") 2015-09-30 12:58:52 140256084612960 [ERROR] Plugin 'file_key_management' init function returned error. 2015-09-30 12:58:52 140256084612960 [ERROR] Plugin 'file_key_management' registration as a ENCRYPTION failed.
            Hide
            serg Sergei Golubchik added a comment -

            We should not link with file_key_management plugin statically in our release binaries.

            But plugin supports static linking and if someone wants to link it statically in his custom build — sure, he can do that. And deal with warnings.

            I'd say current behavior is "as intended".

            Show
            serg Sergei Golubchik added a comment - We should not link with file_key_management plugin statically in our release binaries. But plugin supports static linking and if someone wants to link it statically in his custom build — sure, he can do that. And deal with warnings. I'd say current behavior is "as intended".
            Hide
            jplindst Jan Lindström added a comment -

            Based on discussion, closing.

            Show
            jplindst Jan Lindström added a comment - Based on discussion, closing.

              People

              • Assignee:
                jplindst Jan Lindström
                Reporter:
                elenst Elena Stepanova
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Agile