MySQL Bugs: #95260: Default keyring file is unusable

Bug #95260	Default keyring file is unusable
Submitted:	6 May 2019 13:53	Modified:	7 May 2019 11:53
Reporter:	Ceri Williams	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Package Repos	Severity:	S3 (Non-critical)
Version:	8.0	OS:	Any
Assigned to:	MySQL Verification Team	CPU Architecture:	Any
Tags:	docker, encryption, keyring

Description:
The default path for the keyring_file is not available and so the keyring plugin will fail to work without setting the path.

[ERROR] [MY-011370] [Server] Plugin keyring_file reported: 'File '/var/lib/mysql-keyring/keyring' not found (OS errno 2 - No such file or directory)'

[ERROR] [MY-011355] [Server] Plugin keyring_file reported: 'keyring_file initialization failure. Please check if the keyring_file_data points to readable keyring file or keyring file can be created in the specified location. The keyring_file will stay unusable until correct path to the keyring file gets provided'

How to repeat:
$ docker run -it -d --name mysql-8.0 -e MYSQL_ROOT_PASSWORD=my-secret-pw mysql:8.0.15
$ docker exec -it mysql-8.0 mysql -p"my-secret-pw"

mysql> INSTALL PLUGIN keyring_file SONAME "keyring_file.so";
Query OK, 0 rows affected, 1 warning (0.06 sec)

mysql> show warnings;
+---------+------+------------------------------------------------------------------------------------------+
| Level   | Code | Message                                                                                  |
+---------+------+------------------------------------------------------------------------------------------+
| Warning |   29 | File '/var/lib/mysql-keyring/keyring' not found (OS errno 2 - No such file or directory) |
+---------+------+------------------------------------------------------------------------------------------+
1 row in set (0.02 sec)

mysql> system ls /var/lib
apt  dpkg  mecab  misc  mysql  pam  systemd

Suggested fix:
Ensure that the default path is available

Hi!

Seems like you are using Docker image from:

https://hub.docker.com/_/mysql

can you please try these instead:

 https://hub.docker.com/r/mysql/mysql-server

Hi Terje,

Indeed, you are correct! Might I suggest that Oracle take maintenance of the official Docker images, just like Percona does, so that the following gets the right image:

$ docker search --filter="is-official=true" mysql

You can close this bug and I'll report it to the docker-library repo.

Thanks,

Ceri

Thanks for quick feedback!