[MDEV-18752] AWS Key Management Plugin No Longer Available from APT Repo Created: 2019-02-27  Updated: 2020-08-15  Resolved: 2019-02-27

Status: Closed
Project: MariaDB Server
Component/s: Plugin - AWS key management
Affects Version/s: 10.3.11, 10.2.22
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Anthony Assignee: Sergei Golubchik
Resolution: Not a Bug Votes: 0
Labels: None
Environment:

Debian Stretch 9


 Description   

AWS Key Management Plugin no longer available from the MariaDB Corporation APT repository.

To reproduce: 

curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash
 
sudo apt-get update
 
sudo apt-get install mariadb-server
 
sudo apt-get install mariadb-plugin-aws-key-management-10.3

Produces output:

E: Unable to locate package mariadb-plugin-aws-key-management-10.3
 
E: Couldn't find any package by glob 'mariadb-plugin-aws-key-management-10.3'
 
E: Couldn't find any package by regex 'mariadb-plugin-aws-key-management-10.3'



 Comments   
Comment by Sergei Golubchik [ 2019-02-27 ]

Yes, this is intentional. Unfortunately we cannot distribute aws_key_management plugin — the fact that we did before was a mistake.

This plugin uses (and is linked with) AWS C++ SDK, which is available under the Apache 2.0 license. And this license it not compatible with GPLv2.

You can build this plugin yourself by using the cmake option -DNOT_FOR_DISTRIBUTION=1, the plugin wil be built and you'll get a warning that the result is not GPL and cannot be distributed.

If we'll find a replacement for AWS C++ SDK that uses a GPLv2 compatible license, we will be able to switch to it and distribute the plugin again.

Sorry for this.

Comment by Anthony [ 2019-02-27 ]

Thanks for the quick reply.

I see, that's unfortunate.

Comment by Anthony [ 2019-02-27 ]

Is it possible to just build the aws_key_management plugin, or do I have to build the entire mariadb source?

Comment by Jeffrey Hunter [ 2019-03-08 ]

I was able to put together the pieces to compile the aws_key_management plugin from source. I now have it working!

install build dependencies

yum-builddep -y mariadb-server
 
yum install -y git \
 
    gcc \
 
    gcc-c++ \
 
    bison \
 
    libxml2-devel \
 
    libevent-devel \
 
    rpm-build

download MariaDB source

cd /usr/local/src
 
git clone --branch 10.3 https://github.com/MariaDB/server.git

run CMake to read MariaDB for the build

mkdir /usr/local/src/build-mariadb
 
cd /usr/local/src/build-mariadb
 
cmake -DRPM=centos7 \
 
      -DPLUGIN_AWS_KEY_MANAGEMENT=DYNAMIC \
 
      -DAWS_SDK_EXTERNAL_PROJECT=1 \
 
      -DNOT_FOR_DISTRIBUTION=1 \
 
      ../server


CMake Warning at CMakeLists.txt:505 (MESSAGE):
 
 
 
 
 
  You have linked MariaDB with GPLv3 libraries! You may not distribute the
 
  resulting binary.  If you do, you will put yourself into a legal problem
 
  with the Free Software Foundation.

build MariaDB

make aws_key_management

copy aws_key_management plugin

cp ./plugin/aws_key_management/aws_key_management.so \
 
   /usr/lib64/mysql/plugin/aws_key_management.so

Comment by Chris Topher [ 2019-05-29 ]

For those of you that use Docker, I created a Docker image that builds the AWS Key Management Plugin from source. The resulting aws_key_management.so is compatible with the Docker official images for MariaDB.

To make aws_key_management.so, do the following:

docker run --name aws_key_management_build creemama/mariadb-aws_key_management-plugin-build:latest
 
docker cp aws_key_management_build:/usr/local/src/build-mariadb/plugin/aws_key_management/aws_key_management.so .

Examine the Dockerfile for the steps used to build the plugin.

Generated at Thu Feb 08 08:46:28 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.