diff --git a/.drone.star b/.drone.star index 087d37cbe..e96fa18f1 100644 --- a/.drone.star +++ b/.drone.star @@ -75,6 +75,27 @@ def _find_package_b2_command(source_dir, generator): '--generator="{}" '.format(generator) +def _make_entrypoint(db): + if db.startswith('mysql:'): + # MySQL generic. Sanitize UNIX socket permissions and launch the server with the adequate TLS files + res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mysqld " + \ + "--ssl-ca=/tls/ca-cert.pem " + \ + "--ssl-cert=/tls/server-cert.pem " + \ + "--ssl-key=/tls/server-key.pem " + if db.startswith('mysql:8.'): + # v8.x needs this flag to enable mysql_native_password + res += "--mysql-native-password=ON" + else: + # MariaDB changed the default socket path, so we provide it explicitly + res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mariadbd " + \ + "--ssl-ca=/tls/ca-cert.pem " + \ + "--ssl-cert=/tls/server-cert.pem " + \ + "--ssl-key=/tls/server-key.pem " + \ + "--socket=/var/run/mysqld/mysqld.sock" + + return res + + def _pipeline( name, image, @@ -85,6 +106,20 @@ def _pipeline( disable_aslr=False ): steps = [] + + # Volumes, common to all steps + volumes = [ + { + "name": "mysql-socket", + "path": "/var/run/mysqld" + }, + { + "name": "tls-certificates", + "path": "/tls" + } + ] if db != None else [] + + # Disable ASLR if disable_aslr: steps.append({ "name": "Disable ASLR", @@ -93,15 +128,60 @@ def _pipeline( "privileged": True, "commands": ["echo 0 | tee /proc/sys/kernel/randomize_va_space"] }) + + # Generate certificates + gen_certificates = db != None or os == "windows" + cert_path = "C:\\ssl\\" if os == "windows" else "/tls/" + ca_path = cert_path + "ca-cert.pem" + if gen_certificates: + steps.append({ + "name": "Generate certificates", + "image": image, + "pull": "if-not-exists", + "volumes": volumes, + "commands": [ + "python tools/ci/gen-certificates.py {}".format(cert_path) + ] + }) + + # Start the database + if db != None: + steps.append({ + "name": "mysql", + "image": db, + "pull": "if-not-exists", + "detach": True, + "environment": { + "MYSQL_ALLOW_EMPTY_PASSWORD": "1", + "MYSQL_ROOT_PASSWORD": "" + }, + "entrypoint": [ + "/bin/bash", + "-c", + _make_entrypoint(db) + ], + "volumes": volumes + }) + elif os == "windows": + steps.append({ + "name": "Restart MySQL", + "commands": [ + "net stop MySQL", + "net start MySQL" + ] + }) + + + # Run the build steps.append({ "name": "Build and run", "image": image, "pull": "if-not-exists", "privileged": arch == "arm64", # TSAN tests fail otherwise (personality syscall) - "volumes":[{ - "name": "mysql-socket", - "path": "/var/run/mysqld" - }] if db != None else [], + "volumes": volumes, + "environment": { + "BOOST_MYSQL_CA_CERTIFICATE": ca_path + }, "commands": [command] }) @@ -119,18 +199,16 @@ def _pipeline( }, "node": {}, "steps": steps, - "services": [{ - "name": "mysql", - "image": "ghcr.io/anarthal/cpp-ci-containers/{}".format(db), - "volumes": [{ + "volumes": [ + { "name": "mysql-socket", - "path": "/var/run/mysqld" - }] - }] if db != None else [], - "volumes": [{ - "name": "mysql-socket", - "temp": {} - }] if db != None else [] + "temp": {} + }, + { + "name": "tls-certificates", + "temp": {} + } + ] } @@ -149,7 +227,7 @@ def linux_b2( valgrind=0, arch='amd64', fail_if_no_openssl=1, - db='mysql-8_4_1:1', + db='mysql:8.4.1', ): command = _b2_command( source_dir='$(pwd)', @@ -201,7 +279,7 @@ def windows_b2( def linux_cmake( name, image, - db='mysql-8_4_1:1', + db='mysql:8.4.1', build_shared_libs=0, cmake_build_type='Debug', cxxstd='20', @@ -270,7 +348,7 @@ def bench(name): '--server-host=mysql ' + \ '--connection-pool-iters=1 ' + \ '--protocol-iters=1 ' - return _pipeline(name=name, image=_image('build-bench:1'), os='linux', command=command, db='mysql-8_4_1:1') + return _pipeline(name=name, image=_image('build-bench:1'), os='linux', command=command, db='mysql:8.4.1') def docs(name): @@ -286,8 +364,8 @@ def docs(name): def main(ctx): return [ # CMake Linux - linux_cmake('Linux CMake MySQL 5.x', _image('build-gcc14:1'), db='mysql-5_7_41:1', build_shared_libs=0), - linux_cmake('Linux CMake MariaDB', _image('build-gcc14:1'), db='mariadb-11_4_2:1', build_shared_libs=1), + linux_cmake('Linux CMake MySQL 5.x', _image('build-gcc14:1'), db='mysql:5.7.41', build_shared_libs=0), + linux_cmake('Linux CMake MariaDB', _image('build-gcc14:1'), db='mariadb:11.4.2', build_shared_libs=1), linux_cmake('Linux CMake cmake 3.8', _image('build-cmake3_8:3'), cxxstd='11', install_test=0), linux_cmake('Linux CMake gcc Release', _image('build-gcc14:1'), cmake_build_type='Release'), linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'), @@ -318,7 +396,7 @@ def main(ctx): linux_b2('Linux B2 clang-10', _image('build-clang10:2'), toolset='clang-10', cxxstd='17,20', variant='debug'), linux_b2('Linux B2 clang-11', _image('build-clang11:2'), toolset='clang-11', cxxstd='20'), linux_b2('Linux B2 clang-12', _image('build-clang12:2'), toolset='clang-12', cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1), - linux_b2('Linux B2 clang-13', _image('build-clang13:1'), toolset='clang-13', cxxstd='20', db='mysql-9_4_0:1'), + linux_b2('Linux B2 clang-13', _image('build-clang13:1'), toolset='clang-13', cxxstd='20', db='mysql:9.4.0'), linux_b2('Linux B2 clang-14', _image('build-clang14:1'), toolset='clang-14', cxxstd='20', variant='debug'), linux_b2('Linux B2 clang-15', _image('build-clang15:1'), toolset='clang-15', cxxstd='20', variant='debug'), linux_b2('Linux B2 clang-16', _image('build-clang16:1'), toolset='clang-16', cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1), @@ -338,7 +416,7 @@ def main(ctx): linux_b2('Linux B2 gcc-10', _image('build-gcc10:1'), toolset='gcc-10', cxxstd='17'), linux_b2('Linux B2 gcc-11', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20'), linux_b2('Linux B2 gcc-12', _image('build-gcc12:1'), toolset='gcc-12', cxxstd='20,23', variant='debug'), - linux_b2('Linux B2 gcc-13', _image('build-gcc13:1'), toolset='gcc-13', cxxstd='20', db='mysql-9_4_0:1'), + linux_b2('Linux B2 gcc-13', _image('build-gcc13:1'), toolset='gcc-13', cxxstd='20', db='mysql:9.4.0'), linux_b2('Linux B2 gcc-14', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23'), linux_b2('Linux B2 gcc-15', _image('build-gcc15:1'), toolset='gcc-15', cxxstd='23'), linux_b2('Linux B2 gcc-sanit', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1), diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 1b7411701..c4394922d 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -17,27 +17,23 @@ on: jobs: coverage: runs-on: ubuntu-latest - container: - image: ghcr.io/anarthal/cpp-ci-containers/build-gcc14-lcov:1 - volumes: - - /var/run/mysqld:/var/run/mysqld - services: - mysql: - image: ghcr.io/anarthal/cpp-ci-containers/mysql-8_4_1:1 - ports: - - 3306:3306 - volumes: - - /var/run/mysqld:/var/run/mysqld steps: - name: Fetch code uses: actions/checkout@v4 + - name: Start containers + uses: hoverkraft-tech/compose-action@v2.5.0 + with: + compose-file: ./tools/ci/docker-compose.yml + env: + BUILDER_IMAGE: ghcr.io/anarthal/cpp-ci-containers/build-gcc14-lcov:1 + - name: Build code run: | - python tools/ci/main.py \ - --source-dir=$(pwd) \ + docker exec builder python /boost-mysql/tools/ci/main.py \ + --source-dir=/boost-mysql \ b2 \ - --server-host=mysql \ + --server-host=localhost \ --toolset=gcc \ --cxxstd=20 \ --variant=debug \ @@ -47,20 +43,19 @@ jobs: - name: Generate coverage reports shell: bash run: | - cd ~/boost-root/bin.v2 - lcov \ + docker exec builder lcov \ --rc branch_coverage=0 \ --rc geninfo_unexecuted_blocks=1 \ --ignore-errors mismatch \ --gcov-tool gcov-14 \ - --directory . \ + --directory ~/boost-root/bin.v2 \ --capture \ --output-file all.info - lcov \ + docker exec builder lcov \ --rc branch_coverage=0 \ --output-file coverage.info \ --extract all.info '*/boost/mysql*' - sed "s|^SF:$HOME/boost-root/|SF:include/|g" coverage.info > $GITHUB_WORKSPACE/coverage.info + docker exec builder sed "s|^SF:$HOME/boost-root/|SF:include/|g" coverage.info > /boost-mysql/coverage.info - name: Upload coverage reports uses: codecov/codecov-action@v4 diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index e9aa8ce95..6e2dfba86 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -10,7 +10,7 @@ name: fuzz on: push: branches: [develop, master] - tags: ['*'] + tags: ["*"] pull_request: workflow_dispatch: schedule: @@ -19,35 +19,35 @@ on: jobs: fuzz: runs-on: ubuntu-latest - container: - image: ghcr.io/anarthal/cpp-ci-containers/build-clang18:1 - volumes: - - /var/run/mysqld:/var/run/mysqld - services: - mysql: - image: ghcr.io/anarthal/cpp-ci-containers/mysql-8_4_1:1 - ports: - - 3306:3306 - volumes: - - /var/run/mysqld:/var/run/mysqld steps: - name: Fetch code uses: actions/checkout@v4 + - name: Start containers + uses: hoverkraft-tech/compose-action@v2.5.0 + with: + compose-file: ./tools/ci/docker-compose.yml + env: + BUILDER_IMAGE: ghcr.io/anarthal/cpp-ci-containers/build-clang18:1 + - name: Restore corpus uses: actions/cache@v4 with: path: /tmp/corpus.tar.gz key: corpus-${{ github.run_id }} restore-keys: corpus- - + # Note: this will take care of using the corpus and updating it - name: Build and run the fuzzer run: | - python tools/ci/main.py \ - --source-dir=$(pwd) \ - fuzz \ - --server-host=mysql + docker exec builder python /boost-mysql/tools/ci/main.py \ + --source-dir=/boost-mysql \ + fuzz + + - name: Copy crashes from container + if: always() + run: | + docker exec builder bash -c 'cp /root/boost-root/crash-* /root/boost-root/leak-* /root/boost-root/timeout-* /boost-mysql/ || true' - name: Archive any crashes as an artifact uses: actions/upload-artifact@v4 @@ -55,7 +55,7 @@ jobs: with: name: crashes path: | - ~/boost-root/crash-* - ~/boost-root/leak-* - ~/boost-root/timeout-* + crash-* + leak-* + timeout-* if-no-files-found: ignore diff --git a/test/integration/include/test_integration/server_ca.hpp b/test/integration/include/test_integration/server_ca.hpp deleted file mode 100644 index 7ced5d3e7..000000000 --- a/test/integration/include/test_integration/server_ca.hpp +++ /dev/null @@ -1,43 +0,0 @@ -// -// Copyright (c) 2019-2025 Ruben Perez Hidalgo (rubenperez038 at gmail dot com) -// -// Distributed under the Boost Software License, Version 1.0. (See accompanying -// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) -// - -#ifndef BOOST_MYSQL_TEST_INTEGRATION_INCLUDE_TEST_INTEGRATION_SERVER_CA_HPP -#define BOOST_MYSQL_TEST_INTEGRATION_INCLUDE_TEST_INTEGRATION_SERVER_CA_HPP - -namespace boost { -namespace mysql { -namespace test { - -// The CA file that signed the server's certificate -constexpr const char CA_PEM[] = R"%(-----BEGIN CERTIFICATE----- -MIIDZzCCAk+gAwIBAgIUWznm2UoxXw3j7HCcp9PpiayTvFQwDQYJKoZIhvcNAQEL -BQAwQjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxDjAMBgNVBAoM -BW15c3FsMQ4wDAYDVQQDDAVteXNxbDAgFw0yMDA0MDQxNDMwMjNaGA8zMDE5MDgw -NjE0MzAyM1owQjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxDjAM -BgNVBAoMBW15c3FsMQ4wDAYDVQQDDAVteXNxbDCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAN0WYdvsDb+a0TxOGPejcwZT0zvTrf921mmDUlrLN1Z0hJ/S -ydgQCSD7Q+6za4lTFZCXcvs52xvvS2gfC0yXyYLCT/jA4RQRxuF+/+w1gDWEbGk0 -KzEpsBuKrEIvEaVdoS78SxInnW/aegshdrRRocp4JQ6KHsZgkLTxSwPfYSUmMUo0 -cRO0Q/ak3VK8NP13A6ZFvZjrBxjS3cSw9HqilgADcyj1D4EokvfI1C9LrgwgLlZC -XVkjjBqqoMXGGlnXOEK+pm8bU68HM/QvMBkb1Amo8pioNaaYgqJUCP0Ch0iu1nUU -HtsWt6emXv0jANgIW0oga7xcT4MDGN/M+IRWLTECAwEAAaNTMFEwHQYDVR0OBBYE -FNxhaGwf5ePPhzK7yOAKD3VF6wm2MB8GA1UdIwQYMBaAFNxhaGwf5ePPhzK7yOAK -D3VF6wm2MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAoeJCAX -IDCFoAaZoQ1niI6Ac/cds8G8It0UCcFGSg+HrZ0YujJxWIruRCUG60Q2OAbEvn0+ -uRpTm+4tV1Wt92WFeuRyqkomozx0g4CyfsxGX/x8mLhKPFK/7K9iTXM4/t+xQC4f -J+iRmPVsMKQ8YsHYiWVhlOMH9XJQiqERCB2kOKJCH6xkaF2k0GbM2sGgbS7Z6lrd -fsFTOIVx0VxLVsZnWX3byE9ghnDR5jn18u30Cpb/R/ShxNUGIHqRa4DkM5la6uZX -W1fpSW11JBSUv4WnOO0C2rlIu7UJWOROqZZ0OsybPRGGwagcyff2qVRuI2XFvAMk -OzBrmpfHEhF6NDU= ------END CERTIFICATE----- -)%"; - -} // namespace test -} // namespace mysql -} // namespace boost - -#endif diff --git a/test/integration/test/handshake.cpp b/test/integration/test/handshake.cpp index 819f1569e..193809f11 100644 --- a/test/integration/test/handshake.cpp +++ b/test/integration/test/handshake.cpp @@ -26,8 +26,11 @@ #include #include +#include +#include #include #include +#include #include #include @@ -39,7 +42,6 @@ #include "test_common/source_location.hpp" #include "test_integration/any_connection_fixture.hpp" #include "test_integration/connect_params_builder.hpp" -#include "test_integration/server_ca.hpp" #include "test_integration/server_features.hpp" #include "test_integration/tcp_connection_fixture.hpp" @@ -51,6 +53,22 @@ namespace data = boost::unit_test::data; namespace { +// Retrieves the CA certificate that signed the server's certificate +std::string read_ca_pem() +{ + auto path = safe_getenv("BOOST_MYSQL_CA_CERTIFICATE", "/opt/ci-tls-mysql/ca-cert.pem"); + std::ifstream ifs(path); + if (!ifs) + throw std::system_error(errno, std::system_category(), "Failed to open " + std::string(path)); + return std::string(std::istreambuf_iterator(ifs), std::istreambuf_iterator()); +} + +string_view get_ca_pem() +{ + static std::string res = read_ca_pem(); + return res; +} + BOOST_AUTO_TEST_SUITE(test_handshake) // Handshake is the most convoluted part of MySQL protocol, @@ -362,7 +380,7 @@ BOOST_AUTO_TEST_CASE(certificate_valid) // Setup asio::ssl::context ssl_ctx(asio::ssl::context::tls_client); ssl_ctx.set_verify_mode(boost::asio::ssl::verify_peer); - ssl_ctx.add_certificate_authority(boost::asio::buffer(CA_PEM)); + ssl_ctx.add_certificate_authority(boost::asio::buffer(get_ca_pem())); any_connection_fixture fix(ssl_ctx); // Connect works @@ -390,7 +408,7 @@ BOOST_AUTO_TEST_CASE(custom_certificate_verification_success) // Setup asio::ssl::context ssl_ctx(asio::ssl::context::tls_client); ssl_ctx.set_verify_mode(boost::asio::ssl::verify_peer); - ssl_ctx.add_certificate_authority(boost::asio::buffer(CA_PEM)); + ssl_ctx.add_certificate_authority(boost::asio::buffer(get_ca_pem())); ssl_ctx.set_verify_callback(boost::asio::ssl::host_name_verification("mysql")); any_connection_fixture fix(ssl_ctx); @@ -405,7 +423,7 @@ BOOST_AUTO_TEST_CASE(custom_certificate_verification_error) // Setup asio::ssl::context ssl_ctx(asio::ssl::context::tls_client); ssl_ctx.set_verify_mode(boost::asio::ssl::verify_peer); - ssl_ctx.add_certificate_authority(boost::asio::buffer(CA_PEM)); + ssl_ctx.add_certificate_authority(boost::asio::buffer(get_ca_pem())); ssl_ctx.set_verify_callback(boost::asio::ssl::host_name_verification("host.name")); any_connection_fixture fix(ssl_ctx); @@ -422,7 +440,7 @@ BOOST_FIXTURE_TEST_CASE(tcp_ssl_connection_, io_context_fixture) // Setup asio::ssl::context ssl_ctx(asio::ssl::context::tls_client); ssl_ctx.set_verify_mode(boost::asio::ssl::verify_peer); - ssl_ctx.add_certificate_authority(boost::asio::buffer(CA_PEM)); + ssl_ctx.add_certificate_authority(boost::asio::buffer(get_ca_pem())); ssl_ctx.set_verify_callback(boost::asio::ssl::host_name_verification("host.name")); tcp_ssl_connection conn(ctx, ssl_ctx); auto params = connect_params_builder().build_hparams(); diff --git a/tools/ci/docker-compose.yml b/tools/ci/docker-compose.yml new file mode 100644 index 000000000..be147b5e9 --- /dev/null +++ b/tools/ci/docker-compose.yml @@ -0,0 +1,27 @@ +services: + mysql: + image: mysql:8.4.1 + network_mode: host + environment: + MYSQL_ALLOW_EMPTY_PASSWORD: "1" + MYSQL_ROOT_PASSWORD: "" + volumes: + - /opt/ci-tls-mysql:/tls + - /var/run/mysqld:/var/run/mysqld + command: > + /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \ + /usr/local/bin/docker-entrypoint.sh mysqld \ + --mysql-native-password=ON \ + --ssl-ca=/tls/ca-cert.pem \ + --ssl-cert=/tls/server-cert.pem \ + --ssl-key=/tls/server-key.pem + ' + builder: + container_name: builder + image: ${BUILDER_IMAGE} + network_mode: host + tty: true + volumes: + - ../../:/boost-mysql + - /opt/ci-tls-mysql:/tls + - /var/run/mysqld:/var/run/mysqld diff --git a/tools/ci/gen-certificates.py b/tools/ci/gen-certificates.py new file mode 100755 index 000000000..32f24b920 --- /dev/null +++ b/tools/ci/gen-certificates.py @@ -0,0 +1,65 @@ +#!/usr/bin/env python3 +# Copyright (c) 2026 Ruben Perez Hidalgo (rubenperez038 at gmail dot com) +# +# Distributed under the Boost Software License, Version 1.0. (See +# accompanying file LICENSE.txt) +# + +# Generates the ca and certificates used for CI testing. +# Usage: python gen-certificates.py [output-dir] + +import os +import subprocess +import sys +import stat + + +def _run_openssl(*args: str) -> None: + print(f' + {" ".join(args)}') + subprocess.run(['openssl', *args], check=True) + + +def main() -> None: + output_dir = sys.argv[1] if len(sys.argv) > 1 else '/opt/ci-tls-mysql' + os.makedirs(output_dir, exist_ok=True) + os.chdir(output_dir) + + ca_key = os.path.join(output_dir, 'ca-key.pem') + ca_crt = os.path.join(output_dir, 'ca-cert.pem') + server_key = os.path.join(output_dir, 'server-key.pem') + server_csr = os.path.join(output_dir, 'server.csr') + server_crt = os.path.join(output_dir, 'server-cert.pem') + + # CA private key + _run_openssl('genpkey', '-algorithm', 'RSA', '-out', ca_key, '-pkeyopt', 'rsa_keygen_bits:2048') + + # CA certificate + _run_openssl( + 'req', '-x509', '-new', '-nodes', '-key', ca_key, '-sha256', + '-days', '20000', '-out', ca_crt, + '-subj', '/C=ES/O=Boost.MySQL CI CA/OU=IT/CN=boost-mysql-ci-ca', + ) + + # Server private key + _run_openssl('genpkey', '-algorithm', 'RSA', '-out', server_key, '-pkeyopt', 'rsa_keygen_bits:2048') + + # Server certificate + _run_openssl( + 'req', '-new', '-key', server_key, '-out', server_csr, + '-subj', '/C=ES/O=Boost.MySQL CI CA/OU=IT/CN=mysql', + ) + _run_openssl( + 'x509', '-req', '-in', server_csr, '-CA', ca_crt, '-CAkey', ca_key, + '-CAcreateserial', '-out', server_crt, '-days', '20000', '-sha256', + ) + os.remove(server_csr) + os.remove(ca_key) + + # Required when running with Docker because of mismatched user IDs + read_only = stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH # 444 + for name in os.listdir(output_dir): + os.chmod(os.path.join(output_dir, name), read_only) + + +if __name__ == '__main__': + main() diff --git a/tools/osx-ci.cnf b/tools/osx-ci.cnf index 146021e23..11d9d493c 100644 --- a/tools/osx-ci.cnf +++ b/tools/osx-ci.cnf @@ -7,9 +7,9 @@ [mysqld] socket=/var/run/mysqld/mysqld.sock -ssl-ca=/etc/ssl/certs/mysql/ca-cert.pem -ssl-cert=/etc/ssl/certs/mysql/server-cert.pem -ssl-key=/etc/ssl/certs/mysql/server-key.pem +ssl-ca=/tmp/mysql-tls/ca-cert.pem +ssl-cert=/tmp/mysql-tls/server-cert.pem +ssl-key=/tmp/mysql-tls/server-key.pem [client] socket=/var/run/mysqld/mysqld.sock \ No newline at end of file diff --git a/tools/setup_db_osx.sh b/tools/setup_db_osx.sh index 6ec0b1436..9d1800987 100644 --- a/tools/setup_db_osx.sh +++ b/tools/setup_db_osx.sh @@ -13,10 +13,12 @@ brew install mysql@8.0 export PATH="/opt/homebrew/opt/mysql@8.0/bin:$PATH" +# Generate the certificates +mkdir -p /tmp/mysql-tls +python tools/ci/gen-certificates.py /tmp/mysql-tls + # Copy config files and set up paths cp tools/osx-ci.cnf ~/.my.cnf -sudo mkdir -p /etc/ssl/certs/mysql/ -sudo cp tools/ssl/*.pem /etc/ssl/certs/mysql/ sudo mkdir -p /var/run/mysqld/ sudo chmod 777 /var/run/mysqld/