PKGBUILDs/extra/mariadb/0001-arch-specific.patch

From ceef73b08ba6e73d9477b583e1a4695c0854c0f3 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Wed, 19 Feb 2020 13:10:17 +0100
Subject: [PATCH 1/3] enable PrivateTmp for a little bit more security

---
 support-files/mariadb.service.in  | 2 +-
 support-files/mariadb@.service.in | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in
index 79c8b9a8cca..9e1ddfc82e1 100644
--- a/support-files/mariadb.service.in
+++ b/support-files/mariadb.service.in
@@ -129,7 +129,7 @@ UMask=007
 
 # If you don't use the /tmp directory for SELECT ... OUTFILE and
 # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security.
-PrivateTmp=false
+PrivateTmp=true
 
 # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!)
 # this is the same value as used in SysV init scripts in the past
diff --git a/support-files/mariadb@.service.in b/support-files/mariadb@.service.in
index 31f1586f1bf..b7094662bbd 100644
--- a/support-files/mariadb@.service.in
+++ b/support-files/mariadb@.service.in
@@ -243,7 +243,7 @@ UMask=007
 
 # If you don't use the /tmp directory for SELECT ... OUTFILE and
 # LOAD DATA INFILE you can enable PrivateTmp=true for a little more security.
-PrivateTmp=false
+PrivateTmp=true
 
 # Set an explicit Start and Stop timeout of 900 seconds (15 minutes!)
 # this is the same value as used in SysV init scripts in the past
-- 
2.45.1


From 51fdbe18eca303edfe68111d02638280edd8f5ad Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Wed, 19 Feb 2020 13:10:46 +0100
Subject: [PATCH 2/3] force preloading jemalloc for memory management

---
 support-files/mariadb.service.in  | 1 +
 support-files/mariadb@.service.in | 1 +
 2 files changed, 2 insertions(+)

diff --git a/support-files/mariadb.service.in b/support-files/mariadb.service.in
index 9e1ddfc82e1..f48ac56140c 100644
--- a/support-files/mariadb.service.in
+++ b/support-files/mariadb.service.in
@@ -165,6 +165,7 @@ LimitNOFILE=32768
 # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths
 # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD).
 # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=
+Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"
 
 # Flush caches. previously [mysqld_safe] flush-caches=1
 # ExecStartPre=sync
diff --git a/support-files/mariadb@.service.in b/support-files/mariadb@.service.in
index b7094662bbd..c6f1605276e 100644
--- a/support-files/mariadb@.service.in
+++ b/support-files/mariadb@.service.in
@@ -290,6 +290,7 @@ LimitNOFILE=32768
 # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths
 # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD).
 # Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=
+Environment="LD_PRELOAD=/usr/lib/libjemalloc.so"
 
 # Flush caches. previously [mysqld_safe] flush-caches=1
 # ExecStartPre=sync
-- 
2.45.1


From 77d9419c79013e29146d33fe491f8285d6311ead Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Wed, 19 Feb 2020 13:11:31 +0100
Subject: [PATCH 3/3] Make systemd-tmpfiles create MYSQL_DATADIR

This is a no-op if the directory exists, but makes sure it is created by
systemd-tmpfiles with proper permissions otherwise.

This solves packaging issues when the user MYSQLD_USER is created by
systemd-sysusers and uid is not known in advance.

Also this now sets the No_COW attribute.
---
 support-files/tmpfiles.conf.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/support-files/tmpfiles.conf.in b/support-files/tmpfiles.conf.in
index 70de7a12fdb..101b37f306a 100644
--- a/support-files/tmpfiles.conf.in
+++ b/support-files/tmpfiles.conf.in
@@ -9,3 +9,5 @@
 # It shouldn't be used for datadir which is why it
 # may be disabled.
 @DISABLE_TMP@d @MYSQL_UNIX_DIR@ 0755 @MYSQLD_USER@ @MYSQLD_USER@ -
+d @MYSQL_DATADIR@ 0700 @MYSQLD_USER@ @MYSQLD_USER@ -
+h @MYSQL_DATADIR@ - - - - +C
-- 
2.45.1