[debian-mysql] Bug#1026353: mariadb-server: mariadb does not start after bullseye point release 11.6
Michael Prokop
mika at debian.org
Mon Dec 19 09:53:48 GMT 2022
* Matthew P Zagrabelny [Sun Dec 18, 2022 at 04:11:54PM -0600]:
> Package: mariadb-server
> Version: 1:10.5.18-0+deb11u1
> Severity: important
>
> Unattended upgrade upgraded mariadb this morning and now the service does not
> start:
>
[...]
> Dec 18 15:25:36 mariadb-test-system systemd[1]: Starting MariaDB 10.5.18 database server...
> Dec 18 15:25:37 mariadb-test-system mariadbd[604]: 2022-12-18 15:25:37 0 [Note] /usr/sbin/mariadbd (mysqld 10.5.18-MariaDB-0+deb11u1) starting as process 604 ...
> Dec 18 15:25:38 mariadb-test-system systemd[1]: mariadb.service: Main process exited, code=exited, status=1/FAILURE
> Dec 18 15:25:38 mariadb-test-system systemd[1]: mariadb.service: Failed with result 'exit-code'.
> Dec 18 15:25:38 mariadb-test-system systemd[1]: Failed to start MariaDB 10.5.18 database server.
Same here, check whether you have any non-existent SSL keys or alike
referenced in your configuration, like:
| [mysqld]
| [...]
| ssl = false
| ssl-ca = /etc/mysql/cacert.pem
| ssl-cert = /etc/mysql/server-cert.pem
| ssl-key = /etc/mysql/server-key.pem
| [...]
So while it was even set to `ssl = false` on this system, it now
fails with:
| 2022-12-19 10:33:24 0 [ERROR] Failed to setup SSL
| 2022-12-19 10:33:24 0 [ERROR] SSL error: SSL_CTX_set_default_verify_paths failed
| 2022-12-19 10:33:24 0 [ERROR] Aborting
(FTR, removing the ssl-ca/ssl-cert/ssl-key settings fixed it for me,
those settings came from defaults of
https://github.com/puppetlabs/puppetlabs-mysql so I'm sure more
folks will be affected.)
This used to be a warning only until and including mariadb
version 1:10.5.15-0+deb11u1:
| 2022-11-22 7:42:46 0 [Warning] Failed to setup SSL
| 2022-11-22 7:42:46 0 [Warning] SSL error: SSL_CTX_set_default_verify_paths failed
| 2022-11-22 7:42:46 0 [Warning] SSL error: error:02001002:system library:fopen:No such file or directory
| 2022-11-22 7:42:46 0 [Warning] SSL error: error:2006D080:BIO routines:BIO_new_file:no such file
| 2022-11-22 7:42:46 0 [Warning] SSL error: error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
Now as of mariadb 1:10.5.18-0+deb11u1 (as present in bullseye as of
the latest point release) this ends up as hard failure:
| 2022-12-18 6:42:14 0 [ERROR] Failed to setup SSL
| 2022-12-18 6:42:14 0 [ERROR] SSL error: SSL_CTX_set_default_verify_paths failed
| 2022-12-18 6:42:14 0 [ERROR] Aborting
Possibly related to the OpenSSL 3.0 support introduced with 10.5.17
(see https://mariadb.com/kb/en/mariadb-10517-release-notes/), but
IMO this is a regression.
regards
-mika-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-mysql-maint/attachments/20221219/f9da0ec0/attachment.sig>
More information about the pkg-mysql-maint
mailing list