author | Marko Mäkelä <marko.makela@mariadb.com> | 2021-08-18 18:22:35 +0300 |
---|---|---|
committer | Marko Mäkelä <marko.makela@mariadb.com> | 2021-08-18 18:22:35 +0300 |
commit | 4a2595727465648f2d4e794d1b2f182345f0bee8 (patch) | |
tree | 8d4734e6c5b2795455416191ca50d5a0fbd23cd9 /scripts | |
parent | da171182b7d79d21177d113d2bbaecbca21d8bbc (diff) | |
parent | f84e28c119b495da77e197f7cd18af4048fc3126 (diff) | |
download | mariadb-git-4a2595727465648f2d4e794d1b2f182345f0bee8.tar.gz |
Merge 10.4 into 10.5
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/wsrep_sst_common.sh | 8 | ||||
-rw-r--r-- | scripts/wsrep_sst_mariabackup.sh | 48 | ||||
-rw-r--r-- | scripts/wsrep_sst_rsync.sh | 12 |
3 files changed, 50 insertions, 18 deletions
diff --git a/scripts/wsrep_sst_common.sh b/scripts/wsrep_sst_common.sh
index 562f9dc3aac..67244a7c622 100644
--- a/scripts/wsrep_sst_common.sh
+++ b/scripts/wsrep_sst_common.sh
@@ -1010,7 +1010,13 @@ check_port()
 lsof -Pnl -i ":$port" 2>/dev/null | \
 grep -q -E "^($utils)[^[:space:]]*[[:space:]]+$pid[[:space:]].*\\(LISTEN\\)" && rc=0
 elif [ $sockstat_available -ne 0 ]; then
- sockstat -p "$port" 2>/dev/null | \
+ local opts='-p'
+ if [ "$OS" = 'FreeBSD' ]; then
+ # sockstat on FreeBSD requires the "-s" option
+ # to display the connection state:
+ opts='-sp'
+ fi
+ sockstat "$opts" "$port" 2>/dev/null | \
 grep -q -E "[[:space:]]+($utils)[^[:space:]]*[[:space:]]+$pid[[:space:]].*[[:space:]]LISTEN" && rc=0
 elif [ $ss_available -ne 0 ]; then
 ss -nlpH "( sport = :$port )" 2>/dev/null | \
diff --git a/scripts/wsrep_sst_mariabackup.sh b/scripts/wsrep_sst_mariabackup.sh
index 46804c9dce4..562b9b929f2 100644
--- a/scripts/wsrep_sst_mariabackup.sh
+++ b/scripts/wsrep_sst_mariabackup.sh
@@ -166,7 +166,8 @@ get_keys()
 fi
 if [ -z "$ekey" -a ! -r "$ekeyfile" ]; then
- wsrep_log_error "FATAL: Either key or keyfile must be readable"
+ wsrep_log_error "FATAL: Either key must be specified " \
+ "or keyfile must be readable"
 exit 3
 fi
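Review bot: The FreeBSD branch added to check_port() depends on `$OS`, which is assigned outside this hunk; if it is empty when check_port() runs, the code silently keeps `-p`, and going by the added comment the `LISTEN` match can then never succeed on FreeBSD, so the port check fails without any diagnostic. The same option selection is repeated in check_pid_and_port() in wsrep_sst_rsync.sh, where it also changes the column count in `filter`, so the two copies can drift apart. I would put the choice into one helper in wsrep_sst_common.sh and say why it matters, e.g. `# FreeBSD sockstat prints the state column only with -s; without it the LISTEN grep below never matches`. check_port() starts and ends outside the hunk.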
@@ -448,9 +449,30 @@ encgroups='--mysqld|sst|xtrabackup'
 check_server_ssl_config()
 {
- tcert=$(parse_cnf "$encgroups" 'ssl-ca')
- tpem=$(parse_cnf "$encgroups" 'ssl-cert')
- tkey=$(parse_cnf "$encgroups" 'ssl-key')
+ # backward-compatible behavior:
+ tcert=$(parse_cnf 'sst' 'tca')
+ tpem=$(parse_cnf 'sst' 'tcert')
+ tkey=$(parse_cnf 'sst' 'tkey')
+ # reading new ssl configuration options:
+ local tcert2=$(parse_cnf "$encgroups" 'ssl-ca')
+ local tpem2=$(parse_cnf "$encgroups" 'ssl-cert')
+ local tkey2=$(parse_cnf "$encgroups" 'ssl-key')
+ # if there are no old options, then we take new ones:
+ if [ -z "$tcert" -a -z "$tpem" -a -z "$tkey" ]; then
+ tcert="$tcert2"
+ tpem="$tpem2"
+ tkey="$tkey2"
+ # checking for presence of the new-style SSL configuration:
+ elif [ -n "$tcert2" -o -n "$tpem2" -o -n "$tkey2" ]; then
+ if [ "$tcert" != "$tcert2" -o \
+ "$tpem" != "$tpem2" -o \
+ "$tkey" != "$tkey2" ]
+ then
+ wsrep_log_info "new ssl configuration options (ssl-ca, ssl-cert " \
+ "and ssl-key) are ignored by SST due to presence " \
+ "of the tca, tcert and/or tkey in the [sst] section"
+ fi
+ fi
 }
 read_cnf()
@@ -463,18 +485,10 @@ read_cnf()
 if [ $encrypt -eq 0 -o $encrypt -ge 2 ]
 then
- if [ "$tmode" != 'DISABLED' -o $encrypt -ge 2 ]
- then
- tcert=$(parse_cnf 'sst' 'tca')
- tpem=$(parse_cnf 'sst' 'tcert')
- tkey=$(parse_cnf 'sst' 'tkey')
+ if [ "$tmode" != 'DISABLED' -o $encrypt -ge 2 ]; then
+ check_server_ssl_config
 fi
 if [ "$tmode" != 'DISABLED' ]; then
- # backward-incompatible behavior
- if [ -z "$tpem" -a -z "$tkey" -a -z "$tcert" ]; then
- # no old-style SSL config in [sst]
- check_server_ssl_config
- fi
 if [ 0 -eq $encrypt -a -n "$tpem" -a -n "$tkey" ]
 then
 encrypt=3 # enable cert/key SSL encyption
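Review bot: In check_server_ssl_config() a partial legacy configuration switches the fallback off entirely: if only one of `tca`, `tcert` or `tkey` is set in `[sst]`, the `-z ... -a -z ... -a -z ...` test fails and all of `ssl-ca`, `ssl-cert` and `ssl-key` are discarded, so `$tcert` (the CA) can stay empty even though `ssl-ca` is configured. How an empty CA is treated later is outside this hunk, but if it means the peer certificate is not verified, that downgrade is reported only through `wsrep_log_info`. I would raise the message to `wsrep_log_warning` and name the options that were dropped. Separately, `local tcert2=$(parse_cnf ...)` hides a parse_cnf failure behind the exit status of `local`; declare with `local tcert2 tpem2 tkey2` and assign on separate lines.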
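Review bot: The call site in read_cnf() no longer says which variables it sets or which source wins, because the removed comments were the only hint. check_server_ssl_config() now runs whenever `$tmode` is not 'DISABLED' or `$encrypt -ge 2`, so with `tmode` 'DISABLED' and `encrypt` 2 or higher the `ssl-*` options from `$encgroups` become a fallback where previously only the `[sst]` options were read. A comment above the call would record that, e.g. `# sets tcert/tpem/tkey: legacy [sst] tca/tcert/tkey win, ssl-ca/ssl-cert/ssl-key are the fallback`. read_cnf() starts and ends outside the hunk.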
@@ -489,7 +503,11 @@ read_cnf()
 ealgo=$(parse_cnf "$encgroups" 'encrypt-algo')
 eformat=$(parse_cnf "$encgroups" 'encrypt-format' 'openssl')
 ekey=$(parse_cnf "$encgroups" 'encrypt-key')
- ekeyfile=$(parse_cnf "$encgroups" 'encrypt-key-file')
+ # The keyfile should be read only when the key
+ # is not specified or empty:
+ if [ -z "$ekey" ]; then
+ ekeyfile=$(parse_cnf "$encgroups" 'encrypt-key-file')
+ fi
 fi
 wsrep_log_info "SSL configuration: CA='$tcert', CERT='$tpem'," \
diff --git a/scripts/wsrep_sst_rsync.sh b/scripts/wsrep_sst_rsync.sh
index fc9f5017937..d90e87b68f2 100644
--- a/scripts/wsrep_sst_rsync.sh
+++ b/scripts/wsrep_sst_rsync.sh
@@ -93,7 +93,15 @@ check_pid_and_port()
 else
 local filter='([^[:space:]]+[[:space:]]+){4}[^[:space:]]+'
 if [ $sockstat_available -eq 1 ]; then
- port_info=$(sockstat -p "$port" 2>/dev/null | \
+ local opts='-p'
+ if [ "$OS" = 'FreeBSD' ]; then
+ # sockstat on FreeBSD requires the "-s" option
+ # to display the connection state:
+ opts='-sp'
+ # in addition, sockstat produces an additional column:
+ filter='([^[:space:]]+[[:space:]]+){5}[^[:space:]]+'
+ fi
+ port_info=$(sockstat "$opts" "$port" 2>/dev/null | \
 grep -E '[[:space:]]LISTEN' | grep -o -E "$filter")
 else
 port_info=$(ss -nlpH "( sport = :$port )" 2>/dev/null | \
@@ -388,7 +396,7 @@ EOF
 # Use deltaxfer only for WAN
 inv=$(basename "$0")
 WHOLE_FILE_OPT=""
- if [ "${inv%wsrep_sst_rsync_wan*}" != "$inv" ]; then
+ if [ "${inv%wsrep_sst_rsync_wan*}" = "$inv" ]; then
 WHOLE_FILE_OPT="--whole-file"
 fi
|
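Review bot: `ekeyfile` is now assigned only inside the `if [ -z "$ekey" ]` branch of read_cnf(), so when `encrypt-key` is set the variable keeps whatever value it already had, including one inherited from the environment. get_keys() tests `-r "$ekeyfile"`, and uses outside this hunk may read it too, so I would reset it before the test with `ekeyfile=''`. The comment could also state the resulting precedence, that an inline `encrypt-key` overrides `encrypt-key-file`. read_cnf() starts and ends outside the hunk.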
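Review bot: The corrected test in the last hunk of wsrep_sst_rsync.sh still reads as a double negative, which may be how the inverted operator went unnoticed. `${inv%wsrep_sst_rsync_wan*}` equals `$inv` only when nothing was stripped, that is, when the script was not invoked under a name containing `wsrep_sst_rsync_wan`. A comment on the `if` would make the intent explicit, e.g. `# nothing stripped => not the WAN variant => disable rsync delta transfer`. The enclosing block starts outside the hunk.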