summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/additions/enable_encryption.preset20
-rwxr-xr-xdebian/autobake-deb.sh5
-rw-r--r--debian/control17
-rw-r--r--debian/mariadb-plugin-aws-key-management-10.2.install2
4 files changed, 43 insertions, 1 deletions
diff --git a/debian/additions/enable_encryption.preset b/debian/additions/enable_encryption.preset
new file mode 100644
index 00000000000..287bc03413a
--- /dev/null
+++ b/debian/additions/enable_encryption.preset
@@ -0,0 +1,20 @@
+#
+# !include this file into your my.cnf (or any of *.cnf files in /etc/mysql/conf.d)
+# and it will enable data at rest encryption. This is a simple way to
+# ensure that everything that can be encrypted will be and your
+# data will not leak unencrypted.
+#
+# DO NOT EDIT THIS FILE! On MariaDB upgrades it might be replaced with a
+# newer version and your edits will be lost. Instead, add your edits
+# to the .cnf file after the !include directive.
+#
+# NOTE that you also need to install an encryption plugin for the encryption
+# to work. See https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#encryption-key-management
+#
+[mariadb]
+aria-encrypt-tables
+encrypt-binlog
+encrypt-tmp-disk-tables
+encrypt-tmp-files
+loose-innodb-encrypt-log
+loose-innodb-encrypt-tables
diff --git a/debian/autobake-deb.sh b/debian/autobake-deb.sh
index b6d1711e6ea..92c68c225d7 100755
--- a/debian/autobake-deb.sh
+++ b/debian/autobake-deb.sh
@@ -81,6 +81,11 @@ if [[ $GCCVERSION -lt 40800 ]] || [[ $(arch) =~ i[346]86 ]]
then
sed '/Package: mariadb-plugin-rocksdb/,+7d' -i debian/control
fi
+if [[ $GCCVERSION -lt 40800 ]]
+then
+ sed '/Package: mariadb-plugin-aws-key-management-10.2/,+13d' -i debian/control
+fi
+
# Adjust changelog, add new version
echo "Incrementing changelog and starting build scripts"
diff --git a/debian/control b/debian/control
index 96271e046f3..722e88593cf 100644
--- a/debian/control
+++ b/debian/control
@@ -30,6 +30,7 @@ Build-Depends: bison,
po-debconf,
psmisc,
unixodbc-dev,
+ uuid-dev,
zlib1g-dev (>= 1:1.1.3-5~)
Standards-Version: 3.8.2
Homepage: http://mariadb.org/
@@ -562,6 +563,20 @@ Description: CrackLib Password Validation Plugin for MariaDB
This password validation plugin uses cracklib to allow only
sufficiently secure (as defined by cracklib) user passwords in MariaDB.
+Package: mariadb-plugin-aws-key-management-10.2
+Section: database
+Architecture: any
+Breaks: mariadb-aws-key-management-10.1
+Replaces: mariadb-aws-key-management-10.1
+Depends: mariadb-server-10.2,
+ libcurl3,
+ ${misc:Depends},
+ ${shlibs:Depends}
+Description: Amazon Web Service Key Management Service Plugin for MariaDB
+ This encryption key management plugin gives an interface to the Amazon Web
+ Services Key Management Service for managing encryption keys used for MariaDB
+ data-at-rest encryption.
+
Package: mariadb-test
Architecture: any
Depends: mariadb-client-10.2 (= ${binary:Version}),
@@ -622,4 +637,4 @@ Description: MariaDB database regression test suite - data files
language in the world. The main goals of MariaDB are speed, robustness and
ease of use.
.
- This package has the architecture independent data files for the test suite. \ No newline at end of file
+ This package has the architecture independent data files for the test suite.
diff --git a/debian/mariadb-plugin-aws-key-management-10.2.install b/debian/mariadb-plugin-aws-key-management-10.2.install
new file mode 100644
index 00000000000..ed966b4115d
--- /dev/null
+++ b/debian/mariadb-plugin-aws-key-management-10.2.install
@@ -0,0 +1,2 @@
+usr/lib/mysql/plugin/aws_key_management.so
+debian/additions/enable_encryption.preset etc/mysql/conf.d/