From 393c3649446ade50b0958d3b9db334203ffac748 Mon Sep 17 00:00:00 2001
From: Bitnami Bot <bitnami-bot@vmware.com>
Date: Tue, 2 Jul 2024 16:57:05 +0200
Subject: [PATCH] [bitnami/mariadb-galera] Release 10.4.34-debian-12-r4
 (#68563)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
---
 .../mariadb-galera/10.4/debian-12/Dockerfile  |   6 +-
 .../opt/bitnami/.bitnami_components.json      |   2 +-
 .../opt/bitnami/scripts/libmariadbgalera.sh   | 662 +++++++++++++++++-
 .../rootfs/opt/bitnami/scripts/mariadb-env.sh |   3 +
 bitnami/mariadb-galera/README.md              |   1 +
 5 files changed, 644 insertions(+), 30 deletions(-)

diff --git a/bitnami/mariadb-galera/10.4/debian-12/Dockerfile b/bitnami/mariadb-galera/10.4/debian-12/Dockerfile
index 89937cabc8f3..573a7164bd02 100644
--- a/bitnami/mariadb-galera/10.4/debian-12/Dockerfile
+++ b/bitnami/mariadb-galera/10.4/debian-12/Dockerfile
@@ -7,11 +7,11 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
-      org.opencontainers.image.created="2024-07-01T13:28:52Z" \
+      org.opencontainers.image.created="2024-07-02T14:32:58Z" \
       org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
       org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera/README.md" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="10.4.34-debian-12-r3" \
+      org.opencontainers.image.ref.name="10.4.34-debian-12-r4" \
       org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/mariadb-galera" \
       org.opencontainers.image.title="mariadb-galera" \
       org.opencontainers.image.vendor="Broadcom, Inc." \
@@ -29,7 +29,7 @@ RUN install_packages ca-certificates curl iproute2 ldap-utils libaio1 libaudit1
 RUN mkdir -p /tmp/bitnami/pkg/cache/ ; cd /tmp/bitnami/pkg/cache/ ; \
     COMPONENTS=( \
       "ini-file-1.4.6-14-linux-${OS_ARCH}-debian-12" \
-      "mariadb-galera-10.4.34-1-linux-${OS_ARCH}-debian-12" \
+      "mariadb-galera-10.4.34-2-linux-${OS_ARCH}-debian-12" \
     ) ; \
     for COMPONENT in "${COMPONENTS[@]}"; do \
       if [ ! -f "${COMPONENT}.tar.gz" ]; then \
diff --git a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json b/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json
index 66badb219ccc..b6f2c9acd0fb 100644
--- a/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json
+++ b/bitnami/mariadb-galera/10.4/debian-12/prebuildfs/opt/bitnami/.bitnami_components.json
@@ -9,6 +9,6 @@
         "arch": "amd64",
         "distro": "debian-12",
         "type": "NAMI",
-        "version": "10.4.34-1"
+        "version": "10.4.34-2"
     }
 }
\ No newline at end of file
diff --git a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/libmariadbgalera.sh b/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/libmariadbgalera.sh
index 5291338734f8..9248ac059ef7 100644
--- a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/libmariadbgalera.sh
+++ b/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/libmariadbgalera.sh
@@ -1,3 +1,628 @@
+#!/bin/bash
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+#
+# Bitnami MySQL library
+
+# shellcheck disable=SC1090,SC1091,SC2119,SC2120
+
+# Load Generic Libraries
+. /opt/bitnami/scripts/libfile.sh
+. /opt/bitnami/scripts/liblog.sh
+. /opt/bitnami/scripts/libfs.sh
+. /opt/bitnami/scripts/libos.sh
+. /opt/bitnami/scripts/libservice.sh
+. /opt/bitnami/scripts/libvalidations.sh
+. /opt/bitnami/scripts/libversion.sh
+
+########################
+# Configure database extra start flags
+# Globals:
+#   DB_*
+# Arguments:
+#   None
+# Returns:
+#   Array with extra flags to use
+#########################
+mysql_extra_flags() {
+    local randNumber
+    local -a dbExtraFlags=()
+    # shellcheck disable=SC2153
+    read -r -a userExtraFlags <<< "$DB_EXTRA_FLAGS"
+
+    if [[ -n "$DB_REPLICATION_MODE" ]]; then
+        randNumber="$(head /dev/urandom | tr -dc 0-9 | head -c 3 ; echo '')"
+        dbExtraFlags+=("--server-id=$randNumber" "--binlog-format=ROW" "--log-bin=mysql-bin" "--sync-binlog=1")
+        if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then
+            dbExtraFlags+=("--relay-log=mysql-relay-bin" "--log-slave-updates=1" "--read-only=1")
+        elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then
+            dbExtraFlags+=("--innodb_flush_log_at_trx_commit=1")
+        fi
+    fi
+
+    [[ "${#userExtraFlags[@]}" -eq 0 ]] || dbExtraFlags+=("${userExtraFlags[@]}")
+
+    echo "${dbExtraFlags[@]:-}"
+}
+
+########################
+# Validate settings in MYSQL_*/MARIADB_* environment variables
+# Globals:
+#   DB_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+mysql_validate() {
+    info "Validating settings in MYSQL_*/MARIADB_* env vars"
+    local error_code=0
+
+    # Auxiliary functions
+    print_validation_error() {
+        error "$1"
+        error_code=1
+    }
+
+    empty_password_enabled_warn() {
+        warn "You set the environment variable ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}. For safety reasons, do not use this flag in a production environment."
+    }
+    empty_password_error() {
+        print_validation_error "The $1 environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development."
+    }
+    backslash_password_error() {
+        print_validation_error "The password cannot contain backslashes ('\'). Set the environment variable $1 with no backslashes (more info at https://dev.mysql.com/doc/refman/8.0/en/string-comparison-functions.html)"
+    }
+
+    if [[ -n "$DB_REPLICATION_MODE" ]]; then
+        if [[ "$DB_REPLICATION_MODE" = "master" ]]; then
+            if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then
+                empty_password_enabled_warn
+            else
+                if [[ -n "$DB_REPLICATION_USER" ]] && [[ -z "$DB_REPLICATION_PASSWORD" ]]; then
+                    empty_password_error "$(get_env_var REPLICATION_PASSWORD)"
+                fi
+                if [[ -z "$DB_ROOT_PASSWORD" ]]; then
+                    empty_password_error "$(get_env_var ROOT_PASSWORD)"
+                fi
+                if (( ${#DB_ROOT_PASSWORD} > 32 )); then
+                    print_validation_error "The password can not be longer than 32 characters. Set the environment variable $(get_env_var ROOT_PASSWORD) with a shorter value (currently ${#DB_ROOT_PASSWORD} characters)"
+                fi
+                if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then
+                    empty_password_error "$(get_env_var PASSWORD)"
+                fi
+            fi
+        elif [[ "$DB_REPLICATION_MODE" = "slave" ]]; then
+            if [[ -z "$DB_MASTER_HOST" ]]; then
+                print_validation_error "Slave replication mode chosen without setting the environment variable $(get_env_var MASTER_HOST). Use it to indicate where the Master node is running"
+            fi
+        else
+            print_validation_error "Invalid replication mode. Available options are 'master/slave'"
+        fi
+    else
+        if is_boolean_yes "$ALLOW_EMPTY_PASSWORD"; then
+            empty_password_enabled_warn
+        else
+            if [[ -z "$DB_ROOT_PASSWORD" ]]; then
+                empty_password_error "$(get_env_var ROOT_PASSWORD)"
+            fi
+            if [[ -n "$DB_USER" ]] && [[ -z "$DB_PASSWORD" ]]; then
+                empty_password_error "$(get_env_var PASSWORD)"
+            fi
+        fi
+    fi
+    if [[ "${DB_ROOT_PASSWORD:-}" = *\\* ]]; then
+        backslash_password_error "$(get_env_var ROOT_PASSWORD)"
+    fi
+    if [[ -n "$DB_USER" ]] && [[ "$DB_USER" = "root" ]]; then
+        print_validation_error "root user is already created in the database and you can't use it as username for user creation."
+    fi
+    if [[ "${DB_PASSWORD:-}" = *\\* ]]; then
+        backslash_password_error "$(get_env_var PASSWORD)"
+    fi
+    if [[ "${DB_REPLICATION_PASSWORD:-}" = *\\* ]]; then
+        backslash_password_error "$(get_env_var REPLICATION_PASSWORD)"
+    fi
+
+    collation_env_var="$(get_env_var COLLATION)"
+    is_empty_value "${!collation_env_var:-}" || warn "The usage of '$(get_env_var COLLATION)' is deprecated and will soon be removed. Use '$(get_env_var COLLATE)' instead."
+
+    [[ "$error_code" -eq 0 ]] || exit "$error_code"
+}
+
+########################
+# Creates MySQL/MariaDB configuration file
+# Globals:
+#   DB_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+mysql_create_default_config() {
+    debug "Creating main configuration file"
+    cat > "$DB_CONF_FILE" <<EOF
+[mysqladmin]
+user=${DB_USER}
+
+[mysqld]
+skip_name_resolve
+explicit_defaults_for_timestamp
+basedir=${DB_BASE_DIR}
+port=${DB_DEFAULT_PORT_NUMBER}
+tmpdir=${DB_TMP_DIR}
+socket=${DB_SOCKET_FILE}
+pid_file=${DB_PID_FILE}
+max_allowed_packet=16M
+bind_address=${DB_DEFAULT_BIND_ADDRESS}
+log_error=${DB_LOGS_DIR}/mysqld.log
+slow_query_log=${DB_ENABLE_SLOW_QUERY}
+long_query_time=${DB_LONG_QUERY_TIME}
+character_set_server=${DB_DEFAULT_CHARACTER_SET}
+plugin_dir=${DB_BASE_DIR}/lib/plugin
+datadir=${DB_DATA_DIR}
+
+[client]
+port=${DB_DEFAULT_PORT_NUMBER}
+socket=${DB_SOCKET_FILE}
+default_character_set=${DB_DEFAULT_CHARACTER_SET}
+plugin_dir=${DB_BASE_DIR}/lib/plugin
+
+[manager]
+port=${DB_DEFAULT_PORT_NUMBER}
+socket=${DB_SOCKET_FILE}
+pid_file=${DB_PID_FILE}
+EOF
+}
+
+########################
+# Make a dump on master database and update slave database
+# Globals:
+#   DB_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+mysql_exec_initial_dump() {
+    info "MySQL dump master data start..."
+
+    info "LOCK MASTER DATABASES FOR WRITE OPERATIONS..."
+    mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'FLUSH TABLES WITH READ LOCK;'
+
+    info "SHOW MASTER STATUS..."
+    read -r MYSQL_FILE MYSQL_POSITION <<< "$(mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'SHOW MASTER STATUS;' | awk 'NR==1 {print $1, $2}')"
+    info "File: $MYSQL_FILE and Position: $MYSQL_POSITION"
+
+    info "Start dump process databases"
+
+    FILE_LOCATION="$DB_DATA_DIR/dump_all_databases.sql"
+
+    mysqldump --verbose --all-databases -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" > "$FILE_LOCATION"
+
+    info "Finish dump databases"
+
+    info "UNLOCK MASTER DATABASES FOR WRITE OPERATIONS..."
+    mysql -h "$DB_MASTER_HOST" -P "$DB_MASTER_PORT_NUMBER" -u "$DB_MASTER_ROOT_USER" -p"$DB_MASTER_ROOT_PASSWORD" -se 'UNLOCK TABLES;'
+
+    info "Start import dump databases"
+    mysql_execute < "$FILE_LOCATION"
+    info "Finish import dump databases"
+
+    mysql_execute "mysql" <<EOF
+CHANGE MASTER TO MASTER_HOST='$DB_MASTER_HOST',
+MASTER_PORT=$DB_MASTER_PORT_NUMBER,
+MASTER_USER='$DB_REPLICATION_USER',
+MASTER_PASSWORD='$DB_REPLICATION_PASSWORD',
+MASTER_DELAY=$DB_MASTER_DELAY,
+MASTER_LOG_FILE='$MYSQL_FILE',
+MASTER_LOG_POS=$MYSQL_POSITION,
+MASTER_CONNECT_RETRY=10;
+EOF
+
+    info "Remove dump file"
+    rm -f "$FILE_LOCATION"
+
+    info "Finish dump process databases"
+
+    info "MySQL dump master data finish..."
+}
+
+########################
+# Migrate old custom configuration files
+# Globals:
+#   DB_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+mysql_configure_replication() {
+    if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then
+        info "Configuring replication in slave node"
+        debug "Checking if replication master is ready to accept connection"
+        while ! echo "select 1" | mysql_remote_execute "$DB_MASTER_HOST" "$DB_MASTER_PORT_NUMBER" "mysql" "$DB_MASTER_ROOT_USER" "$DB_MASTER_ROOT_PASSWORD"; do
+            sleep 1
+        done
+
+        if [[ "$DB_REPLICATION_SLAVE_DUMP" = "true" ]]; then
+            mysql_exec_initial_dump
+        else
+
+        debug "Replication master ready!"
+        debug "Setting the master configuration"
+        mysql_execute "mysql" <<EOF
+CHANGE MASTER TO MASTER_HOST='$DB_MASTER_HOST',
+MASTER_PORT=$DB_MASTER_PORT_NUMBER,
+MASTER_USER='$DB_REPLICATION_USER',
+MASTER_PASSWORD='$DB_REPLICATION_PASSWORD',
+MASTER_DELAY=$DB_MASTER_DELAY,
+MASTER_CONNECT_RETRY=10;
+EOF
+
+        fi
+    elif [[ "$DB_REPLICATION_MODE" = "master" ]]; then
+        info "Configuring replication in master node"
+        if [[ -n "$DB_REPLICATION_USER" ]]; then
+            mysql_ensure_replication_user_exists "$DB_REPLICATION_USER" "$DB_REPLICATION_PASSWORD"
+        fi
+    fi
+}
+
+########################
+# Ensure the replication user exists for host '%' and has full access
+# Globals:
+#   DB_*
+# Arguments:
+#   $1 - replication user
+#   $2 - replication password
+# Returns:
+#   None
+#########################
+mysql_ensure_replication_user_exists() {
+    local -r user="${1:?user is required}"
+    local -r password="${2:-}"
+
+    debug "Configure replication user credentials"
+    if [[ "$DB_FLAVOR" = "mariadb" ]]; then
+        mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+create or replace user '$user'@'%' $([ "$password" != "" ] && echo "identified by \"$password\"");
+EOF
+    else
+        mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+create user '$user'@'%' $([ "$password" != "" ] && echo "identified with 'mysql_native_password' by \"$password\"");
+EOF
+    fi
+    mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+grant REPLICATION SLAVE on *.* to '$user'@'%' with grant option;
+flush privileges;
+EOF
+}
+
+########################
+# Ensure MySQL/MariaDB is initialized
+# Globals:
+#   DB_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+mysql_initialize() {
+    info "Initializing $DB_FLAVOR database"
+
+    # This fixes an issue where the trap would kill the entrypoint.sh, if a PID was left over from a previous run
+    # Exec replaces the process without creating a new one, and when the container is restarted it may have the same PID
+    rm -f "$DB_PID_FILE"
+
+    debug "Ensuring expected directories/files exist"
+    for dir in "$DB_DATA_DIR" "$DB_TMP_DIR" "$DB_LOGS_DIR"; do
+        ensure_dir_exists "$dir"
+        am_i_root && chown "$DB_DAEMON_USER":"$DB_DAEMON_GROUP" "$dir"
+    done
+
+    if is_file_writable "$DB_CONF_FILE"; then
+        info "Updating 'my.cnf' with custom configuration"
+        mysql_update_custom_config
+    else
+        warn "The ${DB_FLAVOR} configuration file '${DB_CONF_FILE}' is not writable. Configurations based on environment variables will not be applied for this file."
+    fi
+
+    if [[ -f "${DB_CONF_DIR}/my_custom.cnf" ]]; then
+        if is_file_writable "${DB_CONF_DIR}/bitnami/my_custom.cnf"; then
+            info "Injecting custom configuration 'my_custom.cnf'"
+            cat "${DB_CONF_DIR}/my_custom.cnf" > "${DB_CONF_DIR}/bitnami/my_custom.cnf"
+            if ! grep --silent "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" "${DB_CONF_FILE}"; then
+                echo "!include ${DB_CONF_DIR}/bitnami/my_custom.cnf" >> "${DB_CONF_FILE}"
+            fi
+        else
+            warn "Could not inject custom configuration for the ${DB_FLAVOR} configuration file '$DB_CONF_DIR/bitnami/my_custom.cnf' because it is not writable."
+        fi
+    fi
+
+    if [[ -e "$DB_DATA_DIR/mysql" ]]; then
+        info "Using persisted data"
+        # mysql_upgrade requires the server to be running
+        [[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes"
+        # https://dev.mysql.com/doc/refman/8.0/en/replication-upgrade.html
+        mariadb_upgrade
+    else
+        debug "Cleaning data directory to ensure successfully initialization"
+        rm -rf "${DB_DATA_DIR:?}"/*
+        info "Installing database"
+        mariadb_install_db
+        mysql_start_bg
+        wait_for_mysql_access
+        # we delete existing users and create new ones with stricter access
+        # commands can still be executed until we restart or run 'flush privileges'
+        info "Configuring authentication"
+        mysql_execute "mysql" <<EOF
+DELETE FROM mysql.user WHERE user not in ('mysql.sys','mysql.infoschema','mysql.session','mariadb.sys');
+EOF
+        # slaves do not need to configure users
+        if [[ -z "$DB_REPLICATION_MODE" ]] || [[ "$DB_REPLICATION_MODE" = "master" ]]; then
+            if [[ "$DB_REPLICATION_MODE" = "master" ]]; then
+                debug "Starting replication"
+                echo "RESET MASTER;" | debug_execute "$DB_BIN_DIR/mysql" --defaults-file="$DB_CONF_FILE" -N -u root
+            fi
+            mysql_ensure_root_user_exists "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" "$DB_AUTHENTICATION_PLUGIN"
+            mysql_ensure_user_not_exists "" # ensure unknown user does not exist
+            if [[ -n "$DB_USER" ]]; then
+                local -a args=("$DB_USER")
+                [[ -n "$DB_PASSWORD" ]] && args+=("-p" "$DB_PASSWORD")
+                [[ -n "$DB_AUTHENTICATION_PLUGIN" ]] && args+=("--auth-plugin" "$DB_AUTHENTICATION_PLUGIN")
+                mysql_ensure_optional_user_exists "${args[@]}"
+            fi
+            if [[ -n "$DB_DATABASE" ]]; then
+                local -a createdb_args=("$DB_DATABASE")
+                [[ -n "$DB_USER" ]] && createdb_args+=("-u" "$DB_USER")
+                [[ -n "$DB_CHARACTER_SET" ]] && createdb_args+=("--character-set" "$DB_CHARACTER_SET")
+                [[ -n "$DB_COLLATE" ]] && createdb_args+=("--collate" "$DB_COLLATE")
+                mysql_ensure_optional_database_exists "${createdb_args[@]}"
+            fi
+            [[ -n "$DB_ROOT_PASSWORD" ]] && export ROOT_AUTH_ENABLED="yes"
+        fi
+        [[ -n "$DB_REPLICATION_MODE" ]] && mysql_configure_replication
+        # we run mysql_upgrade in order to recreate necessary database users and flush privileges
+        mariadb_upgrade
+    fi
+}
+
+########################
+# Run custom scripts
+# Globals:
+#   DB_*
+# Arguments:
+#   $1 - 'init' or 'start' ('init' runs on first container start, 'start' runs everytime the container starts)
+# Returns:
+#   None
+#########################
+mysql_custom_scripts() {
+    if [[ -n $(find /docker-entrypoint-"$1"db.d/ -type f -regex ".*\.\(sh\|sql\|sql.gz\)") ]] && { [[ ! -f "$DB_DATA_DIR/.user_scripts_initialized" ]] || [[ $1 == start ]]; } then
+        info "Loading user's custom files from /docker-entrypoint-$1db.d";
+        for f in /docker-entrypoint-"$1"db.d/*; do
+            debug "Executing $f"
+            case "$f" in
+                *.sh)
+                    if [[ -x "$f" ]]; then
+                        if ! "$f"; then
+                            error "Failed executing $f"
+                            return 1
+                        fi
+                    else
+                        warn "Sourcing $f as it is not executable by the current user, any error may cause initialization to fail"
+                        . "$f"
+                    fi
+                    ;;
+                *.sql)
+                    [[ "$DB_REPLICATION_MODE" = "slave" ]] && warn "Custom SQL $1db is not supported on slave nodes, ignoring $f" && continue
+                    wait_for_mysql_access "$DB_ROOT_USER"
+                    # Temporarily disabling autocommit to increase performance when importing huge files
+                    if ! mysql_execute_print_output "$DB_DATABASE" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<< "SET autocommit=0; source ${f}; COMMIT;"; then
+                        error "Failed executing $f"
+                        return 1
+                    fi
+                    ;;
+                *.sql.gz)
+                    [[ "$DB_REPLICATION_MODE" = "slave" ]] && warn "Custom SQL $1db is not supported on slave nodes, ignoring $f" && continue
+                    wait_for_mysql_access "$DB_ROOT_USER"
+                    # In this case, it is best to pipe the uncompressed SQL commands directly to the 'mysql' command as extraction may cause problems
+                    # e.g. lack of disk space, permission issues...
+                    if ! gunzip -c "$f" | mysql_execute_print_output "$DB_DATABASE" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD"; then
+                        error "Failed executing $f"
+                        return 1
+                    fi
+                    ;;
+                *)
+                    warn "Skipping $f, supported formats are: .sh .sql .sql.gz"
+                    ;;
+            esac
+        done
+        touch "$DB_DATA_DIR"/.user_scripts_initialized
+    fi
+}
+
+########################
+# Starts MySQL/MariaDB in the background and waits until it's ready
+# Globals:
+#   DB_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+mysql_start_bg() {
+    local -a flags=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}" "--socket=${DB_SOCKET_FILE}")
+
+    # Only allow local connections until MySQL is fully initialized, to avoid apps trying to connect to MySQL before it is fully initialized
+    flags+=("--bind-address=127.0.0.1")
+
+    # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable
+    read -r -a db_extra_flags <<< "$(mysql_extra_flags)"
+    [[ "${#db_extra_flags[@]}" -gt 0 ]] && flags+=("${db_extra_flags[@]}")
+
+    # Do not start as root, to avoid permission issues
+    am_i_root && flags+=("--user=${DB_DAEMON_USER}")
+
+    # The slave should only start in 'run.sh', elseways user credentials would be needed for any connection
+    flags+=("--skip-slave-start")
+    flags+=("$@")
+
+    is_mysql_running && return
+
+    info "Starting $DB_FLAVOR in background"
+    debug_execute "${DB_SBIN_DIR}/mysqld" "${flags[@]}" &
+
+    # we cannot use wait_for_mysql_access here as mysql_upgrade for MySQL >=8 depends on this command
+    # users are not configured on slave nodes during initialization due to --skip-slave-start
+    wait_for_mysql
+
+    # Special configuration flag for system with slow disks that could take more time
+    # in initializing
+    if [[ -n "${DB_INIT_SLEEP_TIME}" ]]; then
+        debug "Sleeping ${DB_INIT_SLEEP_TIME} seconds before continuing with initialization"
+        sleep "${DB_INIT_SLEEP_TIME}"
+    fi
+}
+
+########################
+# Initialize database data
+# Globals:
+#   BITNAMI_DEBUG
+#   DB_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+mariadb_install_db() {
+    local command="${DB_BIN_DIR}/mysql_install_db"
+    local -a args=("--defaults-file=${DB_CONF_FILE}" "--basedir=${DB_BASE_DIR}" "--datadir=${DB_DATA_DIR}")
+
+    # Add flags specified via the 'DB_EXTRA_FLAGS' environment variable
+    read -r -a db_extra_flags <<< "$(mysql_extra_flags)"
+    [[ "${#db_extra_flags[@]}" -gt 0 ]] && args+=("${db_extra_flags[@]}")
+
+    am_i_root && args=("${args[@]}" "--user=$DB_DAEMON_USER")
+    args+=("--auth-root-authentication-method=normal")
+    # Feature available only in MariaDB 10.5+
+    # ref: https://mariadb.com/kb/en/mysql_install_db/#not-creating-the-test-database-and-anonymous-user
+    if [[ ! "$(mysql_get_version)" =~ ^10\.[01234]\. ]]; then
+        is_boolean_yes "$DB_SKIP_TEST_DB" && args+=("--skip-test-db")
+    fi
+
+    debug_execute "$command" "${args[@]}"
+}
+
+########################
+# Upgrade Database Schema
+# Globals:
+#   BITNAMI_DEBUG
+#   DB_*
+# Arguments:
+#   None
+# Returns:
+#   None
+#########################
+mariadb_upgrade() {
+    local -a args=("--defaults-file=${DB_CONF_FILE}" "-u" "$DB_ROOT_USER")
+    info "Running mysql_upgrade"
+    mysql_start_bg
+    is_boolean_yes "${ROOT_AUTH_ENABLED:-false}" && args+=("-p$(get_master_env_var_value ROOT_PASSWORD)")
+    [[ "${DB_UPGRADE}" == "FORCE" ]] && args+=("--force")
+    debug_execute "${DB_BIN_DIR}/mysql_upgrade" "${args[@]}" || echo "This installation is already upgraded"
+}
+
+########################
+# Ensure a db user exists with the given password for the '%' host
+# Globals:
+#   DB_*
+# Flags:
+#   -p|--password - database password
+#   -u|--user - database user
+#   --auth-plugin - authentication plugin
+#   --use-ldap - authenticate user via LDAP
+#   --host - database host
+#   --port - database host
+# Arguments:
+#   $1 - database user
+# Returns:
+#   None
+#########################
+mariadb_ensure_user_exists() {
+    local -r user="${1:?user is required}"
+    local password=""
+    local auth_plugin=""
+    local use_ldap="no"
+    local hosts
+    local auth_string=""
+    # For accessing an external database
+    local db_host=""
+    local db_port=""
+
+    # Validate arguments
+    shift 1
+    while [ "$#" -gt 0 ]; do
+        case "$1" in
+            -p|--password)
+                shift
+                password="${1:?missing database password}"
+                ;;
+            --auth-plugin)
+                shift
+                auth_plugin="${1:?missing authentication plugin}"
+                ;;
+            --use-ldap)
+                use_ldap="yes"
+                ;;
+            --host)
+                shift
+                db_host="${1:?missing database host}"
+                ;;
+            --port)
+                shift
+                db_port="${1:?missing database port}"
+                ;;
+            *)
+                echo "Invalid command line flag $1" >&2
+                return 1
+                ;;
+        esac
+        shift
+    done
+    if is_boolean_yes "$use_ldap"; then
+        auth_string="identified via pam using '$DB_FLAVOR'"
+    elif [[ -n "$password" ]]; then
+        if [[ -n "$auth_plugin" ]]; then
+            auth_string="identified with $auth_plugin by '$password'"
+        else
+            auth_string="identified by '$password'"
+        fi
+    fi
+    debug "creating database user \'$user\'"
+
+    local -a mysql_execute_cmd=("mysql_execute")
+    local -a mysql_execute_print_output_cmd=("mysql_execute_print_output")
+    if [[ -n "$db_host" && -n "$db_port" ]]; then
+        mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port")
+        mysql_execute_print_output_cmd=("mysql_remote_execute_print_output" "$db_host" "$db_port")
+    fi
+
+    "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+create or replace user '${user}'@'%' ${auth_string};
+EOF
+    debug "Removing all other hosts for the user"
+    hosts=$("${mysql_execute_print_output_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+select Host from user where User='${user}' and Host!='%';
+EOF
+)
+    for host in $hosts; do
+        "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+drop user '$user'@'$host';
+EOF
+    done
+}
+
 #!/bin/bash
 # Copyright Broadcom, Inc. All Rights Reserved.
 # SPDX-License-Identifier: APACHE-2.0
@@ -429,19 +1054,14 @@ mysql_ensure_galera_mariabackup_user_exists() {
     local -r password="${2:-}"
 
     debug "Configure mariabackup user credentials"
-    if [[ "$DB_FLAVOR" = "mariadb" ]]; then
-        mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+    mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
 create or replace user '$user'@'localhost' $([ "$password" != "" ] && echo "identified by \"$password\"");
 EOF
-    else
-        mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
-create user '$user'@'localhost' $([ "$password" != "" ] && echo "identified with 'mysql_native_password' by \"$password\"");
-EOF
-    fi
     mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
 grant RELOAD,PROCESS,LOCK TABLES,REPLICATION CLIENT on *.* to '$user'@'localhost';
 flush privileges;
 EOF
+
 }
 
 ########################
@@ -460,19 +1080,12 @@ mysql_ensure_replication_user_exists() {
 
     debug "Configure replication user"
 
-    if [[ "$DB_FLAVOR" = "mariadb" ]]; then
-        mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+    mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
 grant REPLICATION CLIENT ON *.* to '$user'@'%' identified by "$password";
 grant PROCESS ON *.* to '$user'@'localhost' identified by "$password";
 flush privileges;
 EOF
-    else
-        mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
-grant REPLICATION CLIENT ON *.* to '$user'@'%' identified with 'mysql_native_password' by "$password";
-grant PROCESS ON *.* to '$user'@'localhost' identified with 'mysql_native_password' by "$password";
-flush privileges;
-EOF
-    fi
+
 }
 
 ########################
@@ -568,11 +1181,11 @@ mysql_initialize() {
         if is_boolean_yes "$(get_galera_cluster_bootstrap_value)"; then
             debug "Cleaning data directory to ensure successfully initialization"
             rm -rf "${DB_DATA_DIR:?}"/*
-            mysql_install_db
+            mariadb_install_db
             mysql_start_bg
             debug "Deleting all users to avoid issues with galera configuration"
             mysql_execute "mysql" <<EOF
-DELETE FROM mysql.user WHERE user not in ('mysql.sys','mariadb.sys');
+DELETE FROM mysql.user WHERE user not in ('mysql.sys','mysql.infoschema','mysql.session','mariadb.sys');
 EOF
 
             mysql_ensure_root_user_exists "$DB_ROOT_USER" "$DB_ROOT_PASSWORD"
@@ -597,16 +1210,13 @@ EOF
             mysql_ensure_replication_user_exists "$MARIADB_REPLICATION_USER" "$MARIADB_REPLICATION_PASSWORD"
 
             [[ -n "$(get_master_env_var_value ROOT_PASSWORD)" ]] && export ROOT_AUTH_ENABLED="yes"
-            if [[ "$DB_FLAVOR" = "mysql" ]]; then
-                mysql_upgrade
-            else
-                local -a args=(mysql)
-                args+=("$DB_ROOT_USER" "$DB_ROOT_PASSWORD")
-                debug "Flushing privileges"
-                mysql_execute "${args[@]}" <<EOF
+
+            local -a args=(mysql)
+            args+=("$DB_ROOT_USER" "$DB_ROOT_PASSWORD")
+            debug "Flushing privileges"
+            mysql_execute "${args[@]}" <<EOF
 flush privileges;
 EOF
-            fi
         fi
     fi
 }
diff --git a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh b/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh
index 7857bb832cf4..54c504fe8d2c 100644
--- a/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh
+++ b/bitnami/mariadb-galera/10.4/debian-12/rootfs/opt/bitnami/scripts/mariadb-env.sh
@@ -47,6 +47,7 @@ mariadb_env_vars=(
     MARIADB_COLLATE
     MARIADB_BIND_ADDRESS
     MARIADB_SQL_MODE
+    MARIADB_UPGRADE
     MARIADB_SKIP_TEST_DB
     MARIADB_CLIENT_ENABLE_SSL
     MARIADB_CLIENT_SSL_CA_FILE
@@ -169,6 +170,8 @@ export MARIADB_BIND_ADDRESS="${MARIADB_BIND_ADDRESS:-}"
 export DB_BIND_ADDRESS="$MARIADB_BIND_ADDRESS"
 export MARIADB_SQL_MODE="${MARIADB_SQL_MODE:-}"
 export DB_SQL_MODE="$MARIADB_SQL_MODE"
+export MARIADB_UPGRADE="${MARIADB_UPGRADE:-AUTO}"
+export DB_UPGRADE="$MARIADB_UPGRADE"
 export MARIADB_SKIP_TEST_DB="${MARIADB_SKIP_TEST_DB:-no}"
 export DB_SKIP_TEST_DB="$MARIADB_SKIP_TEST_DB"
 export MARIADB_CLIENT_ENABLE_SSL="${MARIADB_CLIENT_ENABLE_SSL:-no}"
diff --git a/bitnami/mariadb-galera/README.md b/bitnami/mariadb-galera/README.md
index c9d9acc9af8a..0280474575ca 100644
--- a/bitnami/mariadb-galera/README.md
+++ b/bitnami/mariadb-galera/README.md
@@ -197,6 +197,7 @@ docker-compose up -d
 | `MARIADB_COLLATE`                             | MariaDB Galera collation to use.                                                                                          | `nil`                                     |
 | `MARIADB_BIND_ADDRESS`                        | MariaDB Galera bind address.                                                                                              | `nil`                                     |
 | `MARIADB_SQL_MODE`                            | MariaDB Galera Server SQL modes to enable.                                                                                | `nil`                                     |
+| `MARIADB_UPGRADE`                             | MariaDB Galera upgrade option.                                                                                            | `AUTO`                                    |
 | `MARIADB_SKIP_TEST_DB`                        | Whether to skip creating the test database.                                                                               | `no`                                      |
 | `MARIADB_CLIENT_ENABLE_SSL`                   | Whether to force SSL for connections to the MariaDB Galera database.                                                      | `no`                                      |
 | `MARIADB_CLIENT_SSL_CA_FILE`                  | Path to CA certificate to use for SSL connections to the MariaDB Galera database server.                                  | `nil`                                     |