Bug #88894 keyring_file plugin reinstall is not setting keyring_file_data as blank
Submitted: 13 Dec 2017 9:24 Modified: 25 Oct 2018 6:10
Reporter: Ramesh Sivaraman Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Server: Security: Encryption Severity:S3 (Non-critical)
Version:5.7.20 OS:Ubuntu
Assigned to: CPU Architecture:Any

[13 Dec 2017 9:24] Ramesh Sivaraman 
Description:
keyring_file plugin reinstall is not setting keyring_file_data as blank, it is setting value from the cache.

How to repeat:
1) started server with '--early-plugin-load=keyring_file.so --keyring_file_data=/qa/ps/ms57/data/keyring' startup option.

5.7.20>show variables like '%keyring%';
+-------------------+--------------------------+
| Variable_name     | Value                    |
+-------------------+--------------------------+
| keyring_file_data | /qa/ps/ms57/data/keyring |
+-------------------+--------------------------+
1 row in set (0.00 sec)

5.7.20>select plugin_name,plugin_status from information_schema.plugins where plugin_name  like '%keyring%';              
+--------------+---------------+
| plugin_name  | plugin_status |
+--------------+---------------+
| keyring_file | ACTIVE        |
+--------------+---------------+
1 row in set (0.00 sec)

5.7.20>

5.7.20>set global keyring_file_data='/tmp/keyring';
Query OK, 0 rows affected (0.13 sec)

5.7.20>show variables like '%keyring%';
+-------------------+--------------+
| Variable_name     | Value        |
+-------------------+--------------+
| keyring_file_data | /tmp/keyring |
+-------------------+--------------+
1 row in set (0.00 sec)

5.7.20>UNINSTALL PLUGIN keyring_file;
Query OK, 0 rows affected (0.03 sec)

5.7.20>show variables like '%keyring%';
Empty set (0.00 sec)

5.7.20>INSTALL PLUGIN keyring_file SONAME 'keyring_file.so';
Query OK, 0 rows affected (0.05 sec)

5.7.20>show variables like '%keyring%';
+-------------------+--------------------------+
| Variable_name     | Value                    |
+-------------------+--------------------------+
| keyring_file_data | /qa/ps/ms57/data/keyring |
+-------------------+--------------------------+
1 row in set (0.00 sec)

5.7.20>

Suggested fix:
keyring_file plugin reinstall should reset keyring_file_data as blank value
[14 Dec 2017 7:57] MySQL Verification Team 
Hello Ramesh,

Thank you for the report.

Thanks,
Umesh
[14 Dec 2017 8:01] MySQL Verification Team 
test results

Attachment: 88894.results (application/octet-stream, text), 3.13 KiB.
[25 Oct 2018 6:10] Erlend Dahl 
Posted by developer -  Bharathy X Satish

This kind of behavior is not specific to keyring_file plugin.
Start any plugin using --early-plugin-load with few more plugin specific
variables at command line and then after server is started change the plugin
specific variables value to some value. Next time plugin is re-installed
(that is uninstall plugin followed by install plugin) the value will always
be picked up from variables set from command line only. Value changed
dynamically using SET GLOBAL is lost once plugin is uninstalled.
IMHO this is expected behavior.