Bug #120625 leapp ugprade from oracle linux 9 to oracle linux 10 breaks because mysql-community rpms are not signed by Oracle!
Submitted: 7 Jun 13:13 Modified: 7 Jun 15:34
Reporter: Simon Mudd (OCA) Email Updates:
Status: Open Impact on me:
None 
Category:MySQL Package Repos Severity:S3 (Non-critical)
Version:8.4 OS:Oracle Linux (9)
Assigned to: CPU Architecture:Any
Tags: leapp, Oracle, rpm, upgrades

[7 Jun 13:13] Simon Mudd 
Description:
I am filing this here as I think that MySQL needs to talk to its Oracle colleagues internally to not trigger this as a breaking reason to prevent an upgrade.

My attempt to upgraade from ol9 to ol10 is potentially blocked as the upgrade checker notices rpms not signed by Oracle (they are signed by MySQL ...) and therefore considers this a critical problem potentially preventing the upgrade or requiring these rpms from being removed...

How to repeat:
I am looking to upgrade from ol9 to ol10, and run MySQL 8.4 on my machine.
To upgrade you can use leapp which does various checks. See here: https://docs.oracle.com/en/operating-systems/oracle-linux/10/leapp/leapp-UpgradingtheSyste...

/var/log/leapp/leapp-report.txt says:

----------------------------------------
Risk Factor: high 
Title: Packages not signed by Oracle found on the system
Summary: The following packages have not been signed by Oracle and may be removed during the upgrade process in case Oracle-signed packages to be removed during the upgrade depend on them:
- <redacted>
- <redacted>
- mysql-community-client
- mysql-community-client-plugins
- mysql-community-common
- mysql-community-icu-data-files
- mysql-community-libs
- mysql-community-server
- mysql84-community-release
- percona-release
- percona-toolkit
- perl-DBD-MySQL
- <redacted>
Remediation: [hint] The most simple solution that does not require additional knowledge about the upgrade process is the uninstallation of such packages before the upgrade and installing these (or their newer versions compatible with the target system) back after the upgrade. Also you can just try to upgrade the system on a testing machine (or after the full system backup) to see the result.
However, it is common use case to migrate or upgrade installed third party packages together with the system during the in-place upgrade process. To examine how to customize the process to deal with such packages, follow the documentation in the attached link for more details.

--- snip ---

Suggested fix:
Talk to your colleagues or the people that provide the code and documentation for the ol9 to ol10 upgrade.

Ensure that officially signed rpms for MySQL and tooling by MySQL are recognised as being valid and therefore should not trigger any issues. Also if this requires updating repo configuration information after the upgrade to point at ol10 MySQL repos then please help your colleagues to make this process automatic and transparent.
[7 Jun 13:15] Simon Mudd 
Note: this is not a blocker for me but more a FYI as I imagine other people may bump into it.

You want this process to be trouble free and potentially this may also affect the MySQL commercial rpms in the same way, though perhaps those users may have resources to upgrade to a clean new server.
[7 Jun 13:24] Simon Mudd 
The output generated above came from running
$ sudo leapp preupgrade --oraclelinux
[7 Jun 15:34] Simon Mudd 
FWIW the ol9 -> ol10 leapp upgrade failed to upgrade mysql binaries:

[user@host ~]$ rpm -qa 2>/dev/null | grep mysql- 
mysql-community-icu-data-files-8.4.9-1.el9.x86_64
mysql-community-common-8.4.9-1.el9.x86_64
mysql-community-server-8.4.9-1.el9.x86_64
mysql-community-client-plugins-8.4.9-1.el9.x86_64
mysql-community-libs-8.4.9-1.el9.x86_64
mysql-community-client-8.4.9-1.el9.x86_64
[user@host ~]$ rpm -qa 2>/dev/null | grep oracle.*release
oraclelinux-release-10.1-1.0.6.el10.x86_64
oraclelinux-release-el10-1.0-17.el10.x86_64
oracle-epel-release-el10-1.0-6.el10.x86_64

Not entirely surprising.

However, MySQL was still working with old binaries (which is good):

[user@host ~]$ mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.4.9 MySQL Community Server - GPL
...
mysql> select @@version;
+-----------+
| @@version |
+-----------+
| 8.4.9     |
+-----------+
1 row in set (0.00 sec)

mysql>

I can upgrade those I guess by modifying the rpm repo to the ol10 equivalent and forcing an upgrade of the rpms.  It would be really nice if the leapp tooling would also work for mysql-community / mysql-commercial rpms on the RHEL compatible distributions like OL, RHEL (if they support leapp), Alma or Rocky Linux.

An other thing I notice:
- see: https://bugs.mysql.com/119212
- I bumped into gpg expired certificate errors while trying to upgrade to the equivalent el10 versions. It took a while to figure out how to fix. I left a suggestion for making this issue on the other (closed) bug report and suggest a proper page should document this.

Anyway it's good to see the el10 binaries now working:

[user@host ~]$ rpm -qa | grep mysql
mysql-community-icu-data-files-8.4.9-1.el10.x86_64
mysql-community-common-8.4.9-1.el10.x86_64
mysql-community-server-8.4.9-1.el10.x86_64
mysql-community-client-plugins-8.4.9-1.el10.x86_64
mysql-community-libs-8.4.9-1.el10.x86_64
mysql-community-client-8.4.9-1.el10.x86_64
mysql84-community-release-el10-2.noarch