[MIR] mysql-8.4

Bug #2089720 reported by Lena Voytek
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mysql-8.4 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

This MIR will allow packages in main to migrate from depending on mysql-8.0 with libmysqlclient21 to mysql-8.4 with libmysqlclient24. Since mysql-8.0 did not have an MIR bug for the transition from mysql-5.7, I created this as a new one.

[Availability]
The package mysql-8.4 is already in Ubuntu universe (in plucky-proposed).
The package mysql-8.4 builds for the architectures it is designed to work on.
It currently builds and works for architectures: amd64, arm64, ppc64el, riscv64, and s390x for server and client; and armhf and i386 for client-only. The package still needs to be allowed to build for i386 in the archive though.
Link to package https://launchpad.net/ubuntu/+source/mysql-8.4

[Rationale]
- The package mysql-8.4 is required in Ubuntu main for migrating our MySQL version from 8.0 to 8.4
- The package mysql-8.4 will generally be useful for a large part of our user base
- This will allow packages to build against the LTS libmysqlclient24 library
- There is no other/better way to solve this that is already in main or should go universe->main instead of this.
- The package mysql-8.4 is required in Ubuntu main no later than the release of plucky to make it our main supported MySQL version

[Security]
- Had various security issues in the past: https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixMSQL
CVEs are fixed internally upstream with each new minor release.

- Binary mysqld in sbin is no problem because it already exists there in mysql-8.0
- Package does install services, timers or recurring jobs - mysql.service
- Security has been kept in mind and common isolation/risk-mitigation patterns are in place utilizing the following features:
  apparmor profile in debian/additions/apparmor-profile
- Packages does not open privileged ports (ports < 1024).
- Package does expose an external endpoint, it is localhost:3306 which allows access to the mysql server from a client.
- Packages does not contain extensions to security-sensitive software (filters, scanners, plugins, UI skins, ...)

[Quality assurance - function/usage]
- The package works well right after install

[Quality assurance - maintenance]
- The package is maintained well in Ubuntu and Upstream and does not have too many, long-term & critical, open bugs
- Ubuntu https://bugs.launchpad.net/ubuntu/+source/mysql-8.4/+bug
- Upstream's bug tracker - https://bugs.mysql.com/
- The package does not deal with exotic hardware we cannot support

[Quality assurance - testing]
- The package runs a test suite on build time, if it fails it makes the build fail for amd64 and arm64, link to build log https://launchpadlibrarian.net/759388540/buildlog_ubuntu-plucky-amd64.mysql-8.4_8.4.3-0ubuntu1_BUILDING.txt.gz

- The package runs an autopkgtest, and is currently passing on all architectures - https://autopkgtest.ubuntu.com/packages/m/mysql-8.4

- The package does have not failing autopkgtests right now

[Quality assurance - packaging]
- debian/watch is present and works

- debian/control defines a correct Maintainer field

- This package does not rely on obsolete or about to be demoted packages.
- This package has no python2 or GTK2 dependencies

- The package will not be installed by default

- Packaging is complex, but that is ok because MySQL is a complex package. The rules file has been cleaned up from the 8.0 version

[UI standards]
- Application is end-user facing via CLI, Translation is present, via standard intltool/gettext or similar build and runtime internationalization

[Dependencies]
- No further depends or recommends dependencies that are not yet in main

[Standards compliance]
- This package correctly follows FHS and Debian Policy

[Maintenance/Owner]
- The owning team will be Ubuntu server and I have their acknowledgement for that commitment.
- The future owning team is not yet subscribed, but will subscribe to the package before promotion

- This does not use static builds
- This package uses vendored code (boost1.84), which is refreshed by upstream during security updates
- This package is not rust based

- The package has been built within the last 3 months in the archive
- Build link on launchpad: https://launchpad.net/ubuntu/+source/mysql-8.4/8.4.3-0ubuntu1

[Background information]
Upstream Name is mysql-8.4
Link to upstream project https://dev.mysql.com/doc/refman/8.4/en/

Additional info:

Security maintenance for mysql-8.4 will match that of mysql-8.0, in that each new minor version will be backported to existing releases. MySQL's upstream release model does not describe CVE fixes individually, so all fixes are backported each time.

Additionally, with the removal of 32-bit support upstream, our support for mysql on 32-bit platforms has been reduced to mysql-client and the client libraries only.

Changed in mysql-8.4 (Ubuntu):
assignee: nobody → Christian Ehrhardt  (paelzer)
Revision history for this message
Christian Ehrhardt (paelzer) wrote :

While being a complex stack, it is a good citizen with many of the otherwise missing things like apparmor and tests and autopkgtests and so on present.

Furthermore it is just a new version of the same, just happens to be a versioned source of what already was in main all the time - and therefore does not need a full MIR IMHO.

MIR Team Ack

Revision history for this message
Christian Ehrhardt (paelzer) wrote :
Download full text (5.2 KiB)

8.0 set

 mysql-router | 8.0.40-1 | plucky/universe | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 libmysqlclient21 | 8.0.40-1 | plucky | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 libmysqlclient-dev | 8.0.40-1 | plucky | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 mysql-client-core-8.0 | 8.0.40-1 | plucky | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 mysql-client-8.0 | 8.0.40-1 | plucky | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 mysql-client | 8.0.40-1 | plucky | all
 mysql-server-core-8.0 | 8.0.40-1 | plucky | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 mysql-server-8.0 | 8.0.40-1 | plucky | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x
 mysql-server | 8.0.40-1 | plucky | all
 mysql-testsuite | 8.0.40-1 | plucky/universe | all
 mysql-source-8.0 | 8.0.40-1 | plucky/universe | amd64, arm64, armhf, i386, ppc64el, riscv64, s390x

8.4 set

 mysql-8.4 | 8.4.3-0ubuntu1 | plucky-proposed/universe | source
 mysql-router | 8.4.3-0ubuntu1 | plucky-proposed/universe | amd64, arm64, ppc64el, riscv64, s390x
 libmysqlclient24 | 8.4.3-0ubuntu1 | plucky-proposed/universe | amd64, arm64, armhf, ppc64el, riscv64, s390x
 libmysqlclient-dev | 8.4.3-0ubuntu1 | plucky-proposed | amd64, arm64, armhf, ppc64el, riscv64, s390x
 mysql-client-core | 8.4.3-0ubuntu1 | plucky-proposed/universe | amd64, arm64, armhf, ppc64el, riscv64, s390x
 mysql-client | 8.4.3-0ubuntu1 | plucky-proposed | amd64, arm64, armhf, ppc64el, riscv64, s390x
 mysql-server-core | 8.4.3-0ubuntu1 | plucky-proposed/universe | amd64, arm64, ppc64el, riscv64, s390x
 mysql-server | 8.4.3-0ubuntu1 | plucky-proposed | amd64, arm64, ppc64el, riscv64, s390x
 mysql-testsuite | 8.4.3-0ubuntu1 | plucky-proposed/universe | amd64, arm64, ppc64el, riscv64, s390x
 mysql-source | 8.4.3-0ubuntu1 | plucky-proposed/universe | amd64, arm64, armhf, ppc64el, riscv64, s390x

Some are in main already by inheriting from the same binary name.
Those are intentional changes in the changelog:
  14 * Binary package changes:
  15 - Rename mysql-client-core-8.0 to mysql-client-core
  16 - Rename mysql-server-core-8.0 to mysql-server-core
  17 - Combine mysql-client metapackage and mysql-client-8.0 into mysql-client
  18 - Combine mysql-server metapackage and mysql-server-8.0 into mysql-server
  19 - Combine mysql-testsuite metapackage and mysql-testsuite-8.0 into
  20 mysql-testsuite
  21 - Rename mysql-source-8.0 to mysql-source, and provide mysql-source.tar.gz
  22 - Update conflicting packages to current mariadb and mysql binaries

That leaves some to promote to unblock...

Read more...

Changed in mysql-8.4 (Ubuntu):
status: New → Fix Released
assignee: Christian Ehrhardt  (paelzer) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.