diff options
-rw-r--r-- | debian/additions/enable_encryption.preset | 20 | ||||
-rwxr-xr-x | debian/autobake-deb.sh | 5 | ||||
-rw-r--r-- | debian/control | 17 | ||||
-rw-r--r-- | debian/mariadb-plugin-aws-key-management-10.2.install | 2 |
4 files changed, 43 insertions, 1 deletions
diff --git a/debian/additions/enable_encryption.preset b/debian/additions/enable_encryption.preset new file mode 100644 index 00000000000..287bc03413a --- /dev/null +++ b/debian/additions/enable_encryption.preset @@ -0,0 +1,20 @@ +# +# !include this file into your my.cnf (or any of *.cnf files in /etc/mysql/conf.d) +# and it will enable data at rest encryption. This is a simple way to +# ensure that everything that can be encrypted will be and your +# data will not leak unencrypted. +# +# DO NOT EDIT THIS FILE! On MariaDB upgrades it might be replaced with a +# newer version and your edits will be lost. Instead, add your edits +# to the .cnf file after the !include directive. +# +# NOTE that you also need to install an encryption plugin for the encryption +# to work. See https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#encryption-key-management +# +[mariadb] +aria-encrypt-tables +encrypt-binlog +encrypt-tmp-disk-tables +encrypt-tmp-files +loose-innodb-encrypt-log +loose-innodb-encrypt-tables diff --git a/debian/autobake-deb.sh b/debian/autobake-deb.sh index b6d1711e6ea..92c68c225d7 100755 --- a/debian/autobake-deb.sh +++ b/debian/autobake-deb.sh @@ -81,6 +81,11 @@ if [[ $GCCVERSION -lt 40800 ]] || [[ $(arch) =~ i[346]86 ]] then sed '/Package: mariadb-plugin-rocksdb/,+7d' -i debian/control fi +if [[ $GCCVERSION -lt 40800 ]] +then + sed '/Package: mariadb-plugin-aws-key-management-10.2/,+13d' -i debian/control +fi + # Adjust changelog, add new version echo "Incrementing changelog and starting build scripts" diff --git a/debian/control b/debian/control index 96271e046f3..722e88593cf 100644 --- a/debian/control +++ b/debian/control @@ -30,6 +30,7 @@ Build-Depends: bison, po-debconf, psmisc, unixodbc-dev, + uuid-dev, zlib1g-dev (>= 1:1.1.3-5~) Standards-Version: 3.8.2 Homepage: http://mariadb.org/ @@ -562,6 +563,20 @@ Description: CrackLib Password Validation Plugin for MariaDB This password validation plugin uses cracklib to allow only sufficiently secure (as defined by cracklib) user passwords in MariaDB. +Package: mariadb-plugin-aws-key-management-10.2 +Section: database +Architecture: any +Breaks: mariadb-aws-key-management-10.1 +Replaces: mariadb-aws-key-management-10.1 +Depends: mariadb-server-10.2, + libcurl3, + ${misc:Depends}, + ${shlibs:Depends} +Description: Amazon Web Service Key Management Service Plugin for MariaDB + This encryption key management plugin gives an interface to the Amazon Web + Services Key Management Service for managing encryption keys used for MariaDB + data-at-rest encryption. + Package: mariadb-test Architecture: any Depends: mariadb-client-10.2 (= ${binary:Version}), @@ -622,4 +637,4 @@ Description: MariaDB database regression test suite - data files language in the world. The main goals of MariaDB are speed, robustness and ease of use. . - This package has the architecture independent data files for the test suite.
\ No newline at end of file + This package has the architecture independent data files for the test suite. diff --git a/debian/mariadb-plugin-aws-key-management-10.2.install b/debian/mariadb-plugin-aws-key-management-10.2.install new file mode 100644 index 00000000000..ed966b4115d --- /dev/null +++ b/debian/mariadb-plugin-aws-key-management-10.2.install @@ -0,0 +1,2 @@ +usr/lib/mysql/plugin/aws_key_management.so +debian/additions/enable_encryption.preset etc/mysql/conf.d/ |