database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-27 18:02:13 +03:00
Code Activity

MDEV-15566: System tablespace does not easily key rotate to unencrypted

Browse Source 
Problem was that key rotation from encrypted to unecrypted was skipped
when encryption is disabled (i.e. set global innodb-encrypt-tables=OFF).

fil_crypt_needs_rotation
        If encryption is disabled (i.e. innodb-encrypt-tables=off)
	and there is tablespaces using default encryption (e.g.
	system tablespace) that are still encrypted state we need
	to rotate them from encrypted state to unencrypted state.
This commit is contained in:
Jan Lindström
2018-04-06 12:55:43 +03:00
parent 3be6cef593
commit 81075d45c6
4 changed files with 156 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
mysql-test/suite/encryption/r/innodb-remove-encryption.result Normal file
View File

@ -0,0 +1,41 @@
set global innodb_file_per_table=OFF;
call mtr.add_suppression("mysqld: file-key-management-filename is not set");
call mtr.add_suppression("Plugin 'file_key_management' init function returned error.");
call mtr.add_suppression("Plugin 'file_key_management' registration as a ENCRYPTION failed.");
flush tables;
create table t1(a int not null primary key, b char(200)) engine=innodb;
# Restart server with encryption
# Wait until encryption threads have encrypted all tablespaces
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
NAME
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
NAME
mysql/innodb_table_stats
mysql/innodb_index_stats
./ibdata1
# Success!
SELECT * from t1;
a b
# Now turn off encryption and wait for threads to decrypt all tablespaces
SET GLOBAL innodb_encrypt_tables = off;
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
NAME
mysql/innodb_table_stats
mysql/innodb_index_stats
./ibdata1
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
NAME
# Success!
# Restart server with no encryption setup, there should be no crashes
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION = 0;
NAME
mysql/innodb_table_stats
mysql/innodb_index_stats
./ibdata1
SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_VERSION <> 0;
NAME
SELECT * from t1;
a b
DROP TABLE t1;