[bitnami/mysql] Release mysql-8.4.2-debian-12-r3

bitnami/mysql/8.4/debian-12/Dockerfile

@@ -7,11 +7,11 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
-      org.opencontainers.image.created="2024-07-25T07:37:40Z" \
+      org.opencontainers.image.created="2024-08-24T08:38:34Z" \
       org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
       org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mysql/README.md" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="8.4.2-debian-12-r2" \
+      org.opencontainers.image.ref.name="8.4.2-debian-12-r3" \
       org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mysql" \
       org.opencontainers.image.title="mysql" \
       org.opencontainers.image.vendor="Broadcom, Inc." \
@@ -28,7 +28,7 @@ SHELL ["/bin/bash", "-o", "errexit", "-o", "nounset", "-o", "pipefail", "-c"]
 RUN install_packages ca-certificates curl gcc-11 libaio1 libcom-err2 libgcc-s1 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libsasl2-2 libssl3 libstdc++6 libtinfo6 libtirpc3 procps psmisc
 RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \
     COMPONENTS=( \
-      "ini-file-1.4.7-2-linux-${OS_ARCH}-debian-12" \
+      "ini-file-1.4.7-3-linux-${OS_ARCH}-debian-12" \
       "mysql-8.4.2-0-linux-${OS_ARCH}-debian-12" \
     ) ; \
     for COMPONENT in "${COMPONENTS[@]}"; do \

bitnami/mysql/8.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json

@@ -3,7 +3,7 @@
         "arch": "amd64",
         "distro": "debian-12",
         "type": "NAMI",
-        "version": "1.4.7-2"
+        "version": "1.4.7-3"
     },
     "mysql": {
         "arch": "amd64",

bitnami/mysql/8.4/debian-12/rootfs/opt/bitnami/scripts/libmysql.sh

@@ -527,96 +527,6 @@ mysql_start_bg() {
     fi
 }
 
-########################
-# Ensure a db user exists with the given password for the '%' host
-# Globals:
-#   DB_*
-# Flags:
-#   -p|--password - database password
-#   -u|--user - database user
-#   --auth-plugin - authentication plugin
-#   --use-ldap - authenticate user via LDAP
-#   --host - database host
-#   --port - database host
-# Arguments:
-#   $1 - database user
-# Returns:
-#   None
-#########################
-mysql_ensure_user_exists() {
-    local -r user="${1:?user is required}"
-    local password=""
-    local auth_plugin=""
-    local use_ldap="no"
-    local hosts
-    local auth_string=""
-    # For accessing an external database
-    local db_host=""
-    local db_port=""
-
-    # Validate arguments
-    shift 1
-    while [ "$#" -gt 0 ]; do
-        case "$1" in
-            -p|--password)
-                shift
-                password="${1:?missing database password}"
-                ;;
-            --auth-plugin)
-                shift
-                auth_plugin="${1:?missing authentication plugin}"
-                ;;
-            --use-ldap)
-                use_ldap="yes"
-                ;;
-            --host)
-                shift
-                db_host="${1:?missing database host}"
-                ;;
-            --port)
-                shift
-                db_port="${1:?missing database port}"
-                ;;
-            *)
-                echo "Invalid command line flag $1" >&2
-                return 1
-                ;;
-        esac
-        shift
-    done
-    if is_boolean_yes "$use_ldap"; then
-        auth_string="identified via pam using '$DB_FLAVOR'"
-    elif [[ -n "$password" ]]; then
-        if [[ -n "$auth_plugin" ]]; then
-            auth_string="identified with $auth_plugin by '$password'"
-        else
-            auth_string="identified by '$password'"
-        fi
-    fi
-    debug "creating database user \'$user\'"
-
-    local -a mysql_execute_cmd=("mysql_execute")
-    local -a mysql_execute_print_output_cmd=("mysql_execute_print_output")
-    if [[ -n "$db_host" && -n "$db_port" ]]; then
-        mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port")
-        mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port")
-    fi
-
-    "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
-create user if not exists '${user}'@'%' ${auth_string};
-EOF
-    debug "Removing all other hosts for the user"
-    hosts=$("${mysql_execute_print_output_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
-select Host from user where User='${user}' and Host!='%';
-EOF
-)
-    for host in $hosts; do
-        "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
-drop user '$user'@'$host';
-EOF
-    done
-}
-
 #!/bin/bash
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
@@ -932,6 +842,98 @@ mysql_migrate_old_configuration() {
     fi
 }
 
+########################
+# Ensure a db user exists with the given password for the '%' host
+# Globals:
+#   DB_*
+# Flags:
+#   -p|--password - database password
+#   -u|--user - database user
+#   --auth-plugin - authentication plugin
+#   --use-ldap - authenticate user via LDAP
+#   --host - database host
+#   --port - database host
+# Arguments:
+#   $1 - database user
+# Returns:
+#   None
+#########################
+mysql_ensure_user_exists() {
+    local -r user="${1:?user is required}"
+    local password=""
+    local auth_plugin=""
+    local use_ldap="no"
+    local hosts
+    local auth_string=""
+    # For accessing an external database
+    local db_host=""
+    local db_port=""
+
+    # Validate arguments
+    shift 1
+    while [ "$#" -gt 0 ]; do
+        case "$1" in
+            -p|--password)
+                shift
+                password="${1:?missing database password}"
+                ;;
+            --auth-plugin)
+                shift
+                auth_plugin="${1:?missing authentication plugin}"
+                ;;
+            --use-ldap)
+                use_ldap="yes"
+                ;;
+            --host)
+                shift
+                db_host="${1:?missing database host}"
+                ;;
+            --port)
+                shift
+                db_port="${1:?missing database port}"
+                ;;
+            *)
+                echo "Invalid command line flag $1" >&2
+                return 1
+                ;;
+        esac
+        shift
+    done
+    if is_boolean_yes "$use_ldap"; then
+        auth_string="identified via pam using '$DB_FLAVOR'"
+    elif [[ -n "$password" ]]; then
+        if [[ -n "$auth_plugin" ]]; then
+            auth_string="identified with $auth_plugin by '$password'"
+        else
+            auth_string="identified by '$password'"
+        fi
+    fi
+    debug "creating database user \'$user\'"
+
+    local -a mysql_execute_cmd=("mysql_execute")
+    local -a mysql_execute_print_output_cmd=("mysql_execute_print_output")
+    if [[ -n "$db_host" && -n "$db_port" ]]; then
+        mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port")
+        mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port")
+    fi
+
+    local mysql_create_user_cmd
+    [[ "$DB_FLAVOR" = "mariadb" ]] && mysql_create_user_cmd="create or replace user" || mysql_create_user_cmd="create user if not exists"
+    "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+${mysql_create_user_cmd} '${user}'@'%' ${auth_string};
+EOF
+    debug "Removing all other hosts for the user"
+    hosts=$("${mysql_execute_print_output_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+select Host from user where User='${user}' and Host!='%';
+EOF
+)
+    for host in $hosts; do
+        "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+drop user '$user'@'$host';
+EOF
+    done
+}
+
 ########################
 # Ensure a db user does not exist
 # Globals:
@@ -1169,7 +1171,7 @@ mysql_ensure_optional_user_exists() {
         flags+=("-p" "$password")
         [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin")
     fi
-    "${DB_FLAVOR}"_ensure_user_exists "${flags[@]}"
+    mysql_ensure_user_exists "${flags[@]}"
 }
 
 ########################
@@ -1332,14 +1334,14 @@ find_jemalloc_lib() {
 ########################
 # Execute a reliable health check against the current mysql instance
 # Globals:
-#   DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD
+#   DB_ROOT_USER, DB_ROOT_PASSWORD, DB_MASTER_ROOT_PASSWORD
 # Arguments:
 #   None
 # Returns:
 #   mysqladmin output
 #########################
 mysql_healthcheck() {
-    local args=("-uroot" "-h0.0.0.0")
+    local args=("-u${DB_ROOT_USER}" "-h0.0.0.0")
     local root_password
 
     root_password="$(get_master_env_var_value ROOT_PASSWORD)"
@@ -1400,6 +1402,22 @@ mysql_client_extra_opts() {
             value="$(mysql_client_env_value "SSL_${key^^}_FILE")"
             [[ -n "${value}" ]] && opts+=("--ssl-${key}=${value}")
         done
+    else
+        # Skip SSL validation
+        if [[ "$(mysql_client_flavor)" = "mysql" ]]; then
+            opts+=("--ssl-mode=DISABLED")
+        else
+            # SSL connections are enabled by default in MariaDB >=10.11
+            local mysql_version=""
+            local major_version=""
+            local minor_version=""
+            mysql_version="$(mysql_get_version)"
+            major_version="$(get_sematic_version "${mysql_version}" 1)"
+            minor_version="$(get_sematic_version "${mysql_version}" 2)"
+            if [[ "${major_version}" -gt 10 ]] || [[ "${major_version}" -eq 10 && "${minor_version}" -eq 11 ]]; then
+                opts+=("--skip-ssl")
+            fi
+        fi
     fi
     echo "${opts[@]:-}"
 }