@GrahamcOfBorg test mysql

Unsure on darwin failure and currently no ability to look into it.

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/prs-in-distress/3604/11

I've dug into this on darwin and I can confirm that the patch is already present in this version of mariadb and can simply be removed.

Similarly the patch appears to be present in version 3.1.5 of mariadb-connector-c, which this PR doesn't update but whoever does update that should be aware.

I could do that as part of #71860

diff --git a/pkgs/servers/sql/mariadb/default.nix b/pkgs/servers/sql/mariadb/default.nix
index dbb7f2e3fff..77413b825c6 100644
--- a/pkgs/servers/sql/mariadb/default.nix
+++ b/pkgs/servers/sql/mariadb/default.nix
@@ -46,12 +46,7 @@ common = rec { # attributes common to both builds
   patches = [
     ./cmake-includedir.patch
     ./cmake-libmariadb-includedir.patch
-  ] ++ optional stdenv.hostPlatform.isDarwin (fetchpatch {
-    url = "https://github.com/MariaDB/mariadb-connector-c/commit/ee91b2c98a63acb787114dee4f2694e154630928.patch";
-    extraPrefix = "libmariadb/";
-    sha256 = "06i865zwyhs9fvrgmargzn09pbg1cmably3c4wifd241bj8ig8qk";
-    stripLen = 1;
-  });
+  ];
 
   cmakeFlags = [
     "-DBUILD_CONFIG=mysql_release"

With this diff applied I've gotten past the patch phase and am currently in the process of building.

Build failed:

builder for '/nix/store/8pm4jr9cji1yfk6gfbi1bazkssbgbh1a-mariadb-server-10.3.18.drv' failed with exit code 2; last 10 log lines:
        _auth_sha256_client in sha256_pw.c.o
    "_RSA_public_encrypt", referenced from:
        _auth_sha256_client in sha256_pw.c.o
    "_RSA_size", referenced from:
        _auth_sha256_client in sha256_pw.c.o
  ld: symbol(s) not found for architecture x86_64
  clang-7: error: linker command failed with exit code 1 (use -v to see invocation)
  make[2]: *** [libmariadb/CMakeFiles/sha256_password.dir/build.make:84: libmariadb/sha256_password.so] Error 1
  make[1]: *** [CMakeFiles/Makefile2:605: libmariadb/CMakeFiles/sha256_password.dir/all] Error 2
  make: *** [Makefile:152: all] Error 2
cannot build derivation '/nix/store/58axybx0k1gg4svqqh4k25wyaavirj8s-env.drv': 1 dependencies couldn't be built
[0 built (1 failed), 1 copied (68.6 MiB), 62.7 MiB DL]
error: build of '/nix/store/58axybx0k1gg4svqqh4k25wyaavirj8s-env.drv' failed
1 package failed to build:
mariadb

Though now I'm wondering why the build failure said 10.3.18. I used nix-review off of the current working tree.

Ok forget that failure. I suspect what happened was nix-review just applied my staged changes (removing the patch) on top of the current nixpkgs instead of using the commit I had checked out. That would be explained by a variable named CRYPT_LIBS being broken. I'll let you know when my rebuild finishes.

I am added update MariaDB to 10.3.20 in #70924

This build takes a long time and I need to run. I'm cancelling my build, but suffice to say it got well past sha256_password (the spurious failure reported before). I'll let ofBorg deal with rebuilding this after the patch is removed, or with building #70924 instead.

@Izorkin I'm not sure what the state of your other PR is, but it has been sitting for a while. Since this is a security update I think it makes sense to have a very simple PR which can be merged quickly and have a backport in good time.

If your other PR is merged before this one that is fine too. Whatever gets security release faster is what we can go with.

@lilyball so this PR should be good to go on darwin now that I have updated... maybe? 😄

@filalex77 @jonringer @lilyball @Izorkin thanks for feedback so far. I had a busy day and didn't get a chance to respond so I appreciate the work you put in on this 🎉

Looks like ofBorg successfully built this on darwin 🎉

@GrahamcOfBorg test mysql

the tests passed locally

Thanks again, all! 🎉

Right... security fixes included. Anyone interested in doing backport? ❤️