1851354 - Blocklist MySQL 8.0 and newer in checksetup.pl

Status: RESOLVED FIXED

(Bugzilla :: Installation & Upgrading, enhancement)

Description

[Dave Miller [:justdave]]

MySQL >= 8.0 currently does not work with Bugzilla due to 'groups' becoming a reserved keyword (it's the name of one of our tables).

While proper MySQL 8 support is in the works, it's not in place yet, and until then, we need to properly prevent people from trying to use it, because it will only be a headache.

Comment 1

[Dave Miller [:justdave]]

Attachment: patch for 5.2

Comment 2

[Dave Miller [:justdave]]

Attachment: patch for 5.0.4

Comment 3

[Dave Miller [:justdave]]

Attachment: patch for 5.0.4

got tabs in that last patch on accident, oops.

Comment 4

[Dave Miller [:justdave]]

Attachment: patch for 4.4

Comment 5

[Dave Miller [:justdave]]

Attachment: patch for trunk (5.1)

Comment 6

[Dave Miller [:justdave]]

Attachment: patch for harmony

Comment 7

[Dave Miller [:justdave]]

The harmony patch here is wrong... it needs MariaDB 10.0 instead of 5.1.
Also the 5.2 patch is wrong... and has been since Bugzilla 5.0.5. Minimum MySQL version bump from 5.0.15 to 5.6.12 because of the InnoDB Fulltext index.

Will fix when I get the PRs created.

Comment 8

[Dave Miller [:justdave]]

Attachment: GitHub Pull Request for 5.2

Comment 9

[Dave Miller [:justdave]]

Attachment: GitHub Pull Request for 5.0.4

Comment 10

[Dave Miller [:justdave]]

Attachment: GitHub Pull Request for 4.4

Comment 11

[Dave Miller [:justdave]]

Attachment: GitHub Pull Request for trunk (5.1)

Comment 12

[Dave Miller [:justdave]]

Attachment: GitHub Pull Request for harmony

Comment 13

[Frédéric Buclin]

(In reply to Dave Miller [:justdave] from comment #7)

Also the 5.2 patch is wrong... and has been since Bugzilla 5.0.5. Minimum MySQL version bump from 5.0.15 to 5.6.12 because of the InnoDB Fulltext index.

Yes, see bug 868867 and bug 868869.

Comment 14

[Dave Miller [:justdave]]

Per bug 868869 the minimum MariaDB needs to be 10.0.5
Updates patches coming up.

Comment 15

[Dave Miller [:justdave]]

Per bug 868867 the minimum DBD::mysql also needs to be 4.032

Comment 16

[Dave Miller [:justdave]]

Pull requests for 5.2 and Harmony have been updated

Comment 17

[Frédéric Buclin]

For UTF-8 support. 4.001 makes sure that blobs aren't

  # marked as UTF-8.
  version => '4.032',

Your comment is confusing as you mention 4.001 but you require 4.032.

Comment 18

[Frédéric Buclin]

Err... what's this ugly formatting??? What did Bugzilla do to my previous comment??

Comment 19

[Frédéric Buclin]

In your patches, you require DBD::mysql to use MariaDB. I don't understand why. Why don't you require DBD::MariaDB instead? This would make more sense, IMO. See https://metacpan.org/dist/DBD-MariaDB

Also, wouldn't it be safer to require MySQL 5.7 instead of 5.6.12? Per https://endoflife.software/applications/databases/mysql, MySQL 5.6 reached EOL in February 2021. Also, per https://github.com/perl5-dbi/DBD-mysql/commit/9076a7f7, the next release of DBD::mysql will only support MySQL 5.7 and newer.

Comment 20

[Dave Miller [:justdave]]

(In reply to Frédéric Buclin from comment #19)

In your patches, you require DBD::mysql to use MariaDB. I don't understand why. Why don't you require DBD::MariaDB instead? This would make more sense, IMO. See https://metacpan.org/dist/DBD-MariaDB

Because MySQL and MariaDB are compatible at the driver level. And if I read the documentation for DBD::MariaDB correctly, it can also be used with MySQL. They forked DBD::mysql because the maintainers were too slow with bug fixes.

For a quick fix designed to get MySQL 8 blocked until we get our compatibility issues fixed, this is good enough. We can definitely do this right on a future version. Although we'd need a Bugzilla::DB::MariaDB to go with it as well, which is the reason I don't want it in this set of patches.

Also, wouldn't it be safer to require MySQL 5.7 instead of 5.6.12? Per https://endoflife.software/applications/databases/mysql, MySQL 5.6 reached EOL in February 2021. Also, per https://github.com/perl5-dbi/DBD-mysql/commit/9076a7f7, the next release of DBD::mysql will only support MySQL 5.7 and newer.

We probably have lots of minimum versions on things that are prerequisites for us that are no-longer-supported versions. If we know we're not broken on that version why block it? Maybe they have some reason they can't upgrade. It'd be on them to make sure they're using security-supported versions of things.

Comment 21

[Dave Miller [:justdave]]

Also worth noting: DBD::MariaDB is not available on Ubuntu 20.04. Users will be required to install it via CPAN if we require it.

Comment 22

[Dallas Clarke]

Attachment: output of the mysql install script

Howdy All,

I'm not 100% sure if this is the same bug, bug when installing on Debian 12, running '/usr/bin/perl install-module.pl DBD::mysql' is returning:

Comment 23

[Dave Miller [:justdave]]

Unrelated. your error:

Can't exec "mysql_config": No such file or directory at Makefile.PL line 89.

You need to install MySQL or MariaDB first before installing the perl modules. (and this is a support issue, not really related to this bug)

Comment 24

[Dallas Clarke]

Howdy All,

I'm not 100% sure if this is the same bug, bug when installing on Debian 12, running '/usr/bin/perl install-module.pl DBD::mysql' is returning:

Warning: No success on command[/usr/bin/perl Makefile.PL LIB="/var/www/bugzilla.ekkysoftware.com/lib" INSTALLMAN1DIR="/var/www/bugzilla.ekkysoftware.com/lib/man/man1" INSTALLMAN3DIR="/var/www/bugzilla.ekkysoftware.com/lib/man/man3" INSTALLBIN="/var/www/bugzilla.ekkysoftware.com/lib/bin" INSTALLSCRIPT="/var/www/bugzilla.ekkysoftware.com/lib/bin" INSTALLDIRS=perl]
DVEEDEN/DBD-mysql-4.050.tar.gz
/usr/bin/perl Makefile.PL LIB="/var/www/bugzilla.ekkysoftware.com/lib" INSTALLMAN1DIR="/var/www/bugzilla.ekkysoftware.com/lib/man/man1" INSTALLMAN3DIR="/var/www/bugzilla.ekkysoftware.com/lib/man/man3" INSTALLBIN="/var/www/bugzilla.ekkysoftware.com/lib/bin" INSTALLSCRIPT="/var/www/bugzilla.ekkysoftware.com/lib/bin" INSTALLDIRS=perl -- NOT OK

And is blocking the creation of localconfig file.

Comment 25

[Dallas Clarke]

Howdy Dave,

You're very quick, but sudo mysql returns:

Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2452
Server version: 10.11.3-MariaDB-1 Debian 12

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

So, it's installed.

Comment 26

[Dave Miller [:justdave]]

You're probably missing the development headers. make sure libmysqlclient-dev is installed (if you're on Ubuntu - might be some other similar package on other OSes). If that doesn't fix, please take it to the support list or come find us on IRC/Matrix/Discord because we're cluttering this bug with unrelated stuff.

Comment 27

[Frédéric Buclin]

Comment on attachment 9351397 [details] [review]
GitHub Pull Request for 4.4

>diff --git a/Bugzilla/Constants.pm b/Bugzilla/Constants.pm
>+                db_blacklist => ['^[89]\.'],

db_blacklist or db_blocklist ??


>+    'mariadb' => {db => 'Bugzilla::DB::Mysql', db_version => '5.1',
>+                  # MariaDB is indistinguishable from MySQL, but skipped 8 and
>+                  # 9 so blacklist it anyway in case someone has the driver set

blacklist or blocklist?


>+                  db_blacklist => ['^[89]\.'],

Same here

>+                    # Disallow development versions
>+                    blacklist => ['_'],

And here.

etc... etc... There are several other places where you mix both blacklist and blocklist. This is inconsistent. IMO, the 4.4 branch is not the right place to do such changes. It's beyond the "security fixes only" policy.

Comment 28

[Dave Miller [:justdave]]

(In reply to Frédéric Buclin from comment #27)

IMO, the 4.4 branch is not the right place to do such changes. It's beyond the "security fixes only" policy.

Should we just ignore the 4.4 branch on this on the grounds that anyone running it is probably on an older OS and they should be migrating to a newer branch if they have a newer OS with the versions that break the old Bugzilla?

Comment 29

[Frédéric Buclin]

(In reply to Dave Miller [:justdave] from comment #28)

Should we just ignore the 4.4 branch on this on the grounds that anyone running it is probably on an older OS and they should be migrating to a newer branch if they have a newer OS with the versions that break the old Bugzilla?

IMO, yes.

Comment 30

[Dave Miller [:justdave]]

Comment on attachment 9351397 [details] [review]
GitHub Pull Request for 4.4

We're dropping this from 4.4, since it's security updates only, and nobody should be installing it from scratch, only upgrading from an older release, and if they already have an older version, then they'll already know about this or have installed a version that already works with Bugzilla anyway.

Comment 31

[Dave Miller [:justdave]]

Comment on attachment 9351394 [details] [review]
GitHub Pull Request for 5.2

The 5.2 branch now supports MySQL 8 so we no longer need this.
The 5.6 minimum will still need to get done (bug 868869)

Comment 32

[Dave Miller [:justdave]]

Comment on attachment 9351399 [details] [review]
GitHub Pull Request for harmony

MySQL 8+ support landed on Harmony as well, so this is no longer needed there, either.

Comment 33

[Dave Miller [:justdave]]

Removing from 5.2 blockers

Comment 34

[Dave Miller [:justdave]]

Comment on attachment 9351398 [details] [review]
GitHub Pull Request for trunk (5.1)

Landed on master:
https://github.com/bugzilla/bugzilla/commit/4854aec9dd8ecef82679a4f2fbf6688516a15f56

Comment 35

[Dave Miller [:justdave]]

Comment on attachment 9351396 [details] [review]
GitHub Pull Request for 5.0.4

Landed:
https://github.com/bugzilla/bugzilla/commit/18ba4d3977ee5ce01057e51299a40eeaaf2507cb