Details
- Bug
- Status: Closed
- Major
- Resolution: Won't Do
- 10.1(EOL), 10.2(EOL)
- None
Description
As noted in MDEV-13826, the merge of MySQL 5.7.9 into MariaDB 10.2.2 broke CREATE FULLTEXT INDEX on encrypted tables.
This was uncaught, because there are no encryption tests for FULLTEXT INDEX whatsoever.
To prevent further bugs like this, we must test FULLTEXT INDEX with encryption: both the index creation, and to ensure that the auxiliary FTS_*.ibd tables actually are encrypted.
I manually checked that the auxiliary tables are encrypted by applying this patch:
diff --git a/mysql-test/suite/encryption/t/encrypt_and_grep.test b/mysql-test/suite/encryption/t/encrypt_and_grep.test
|
index c5a10620f6e..278bf6febda 100644
|
--- a/mysql-test/suite/encryption/t/encrypt_and_grep.test
|
+++ b/mysql-test/suite/encryption/t/encrypt_and_grep.test
|
@@ -19,7 +19,7 @@ SET GLOBAL innodb_file_per_table = ON;
|
SET GLOBAL innodb_file_format = `Barracuda`;
|
--enable_warnings
|
|
-create table t1 (a varchar(255)) engine=innodb encrypted=yes;
|
+create table t1 (a varchar(255), FULLTEXT INDEX(a)) engine=innodb encrypted=yes;
|
create table t2 (a varchar(255)) engine=innodb;
|
show warnings;
|
create table t3 (a varchar(255)) engine=innodb encrypted=no;
|
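Review bot: The changed `create table t1` line puts `FULLTEXT INDEX(a)` on the only `encrypted=yes` table in this hunk, so the plain encrypted-table case loses its coverage, and nothing visible here inspects the auxiliary FTS_*.ibd files that the index creates. Suggest leaving t1 as it was, adding a separate encrypted table that carries the FULLTEXT INDEX, and checking that table's FTS_*.ibd files for plaintext inside the test itself.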
@@ -59,7 +59,7 @@ SELECT NAME FROM INFORMATION_SCHEMA.INNODB_TABLESPACES_ENCRYPTION WHERE MIN_KEY_
|
|
--echo # Now turn off encryption and wait for threads to decrypt everything
|
|
-SET GLOBAL innodb_encrypt_tables = off;
|
+SET GLOBAL innodb_encrypto_tables = off;
|
|
--echo # Wait max 10 min for key encryption threads to decrypt all spaces
|
--let $wait_timeout= 600 |
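Review bot: `innodb_encrypto_tables` in the added `SET GLOBAL` line is not the variable the removed line set (`innodb_encrypt_tables`), so the statement fails and the decryption wait that follows never runs. The description calls the typo intentional, a way to stop the test and keep the data files for inspection, so it should not be merged. Restore the original line and move the FTS_*.ibd inspection into the test, before encryption is turned off.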
After the test failed due to the intentional typo, I checked with
grep -l infimum var/log/encryption.encrypt_and_grep-*/mysqld.1/data/test/FTS*.ibd
that the internally created tables are encrypted. I also manually checked some files to ensure that they are not empty.
This should be done properly by extending the test.
To test the encryption of temporary files during CREATE FULLTEXT INDEX, the following test needs to be augmented:
diff --git a/mysql-test/suite/innodb_fts/t/innodb-fts-ddl.test b/mysql-test/suite/innodb_fts/t/innodb-fts-ddl.test
|
index 10dc1462c98..40bde24409f 100644
|
--- a/mysql-test/suite/innodb_fts/t/innodb-fts-ddl.test
|
+++ b/mysql-test/suite/innodb_fts/t/innodb-fts-ddl.test
|
@@ -1,5 +1,6 @@
|
# This is the DDL function tests for innodb FTS
|
|
+-- source include/innodb_encrypt_log.inc
|
-- source include/have_innodb.inc
|
|
# Create FTS table |
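Review bot: The added `-- source include/innodb_encrypt_log.inc` at the top of the file is the only change, and the hunk adds no assertion that any temporary-file blocks were actually encrypted or decrypted during CREATE FULLTEXT INDEX. Follow the include with a check on the encrypted and decrypted block counts after the DDL, so the test fails if encryption was silently skipped.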
This is obviously not sufficient; similar to my change to innodb.innodb-index-online and innodb.innodb-table-online we should ensure that on successful operation, the amount of encrypted blocks equals the amount of decrypted blocks, and that when encryption is used, some encrypted blocks are being read and written.
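The manual check described above (grep the FTS*.ibd files for the plaintext `infimum` record marker and confirm that they are not empty), written as a reusable shell function. This is an added example, not part of the MariaDB test suite or of the patches in this report; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: automates the manual "grep -l infimum ... FTS*.ibd" check.

# check_fts_encrypted DIR
#   0: every FTS*.ibd in DIR is non-empty and lacks the plaintext "infimum"
#   1: at least one file is empty or contains "infimum" (names go to stderr)
#   2: no FTS*.ibd file was found, so nothing was verified
check_fts_encrypted() {
    dir=$1; bad=0; seen=0
    for f in "$dir"/FTS*.ibd; do
        [ -e "$f" ] || continue          # an unmatched glob stays literal
        seen=1
        if [ ! -s "$f" ]; then
            echo "empty: $f" >&2; bad=1
        elif LC_ALL=C grep -q infimum "$f"; then
            echo "plaintext page data: $f" >&2; bad=1
        fi
    done
    [ "$seen" -eq 1 ] || return 2
    return "$bad"
}

# make_sample DIR [plaintext|empty]
#   Writes constructed stand-in files (not real tablespaces) for an offline run.
make_sample() {
    mkdir -p "$1"
    # Stand-in for an encrypted file: bytes that do not contain the marker.
    printf '\336\255\276\357\001\002\003\004' > "$1/FTS_0000000000000001_CONFIG.ibd"
    case $2 in
        plaintext) printf '\001\000infimum\000supremum' > "$1/FTS_0000000000000001_DELETED.ibd" ;;
        empty)     : > "$1/FTS_0000000000000001_DELETED.ibd" ;;
    esac
}

# Stand-alone run on the constructed "encrypted" sample.
tmp=$(mktemp -d)
make_sample "$tmp/ok"
check_fts_encrypted "$tmp/ok" && echo "ok: auxiliary files contain no plaintext marker"
rm -rf "$tmp"
```

Absence of the marker is a heuristic, not proof of encryption. Return code 2 keeps a glob that matched nothing from being reported as a pass.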
Issue Links
- relates to
  - MDEV-12634 Uninitialised ROW_MERGE_RESERVE_SIZE bytes written to temporary file (Closed)
  - MDEV-13826 CREATE FULLTEXT INDEX on encrypted table fails (Closed)