From baf5873c1dae27bad12099ce0f5f6a19efd859eb Mon Sep 17 00:00:00 2001
From: Bitnami Bot <containers-bot@bitnami.com>
Date: Thu, 25 Jun 2020 22:51:13 +0000
Subject: [PATCH] 10.4.13-debian-10-r43 release

---
 bitnami/mariadb/10.4/debian-10/Dockerfile     |   8 +-
 .../opt/bitnami/scripts/libpersistence.sh     |  23 ++-
 .../rootfs/opt/bitnami/scripts/libmariadb.sh  | 146 ++++++++++++++----
 bitnami/mariadb/README.md                     |   2 +-
 4 files changed, 139 insertions(+), 40 deletions(-)

diff --git a/bitnami/mariadb/10.4/debian-10/Dockerfile b/bitnami/mariadb/10.4/debian-10/Dockerfile
index 2440cd01b935..6cc1314e58ec 100644
--- a/bitnami/mariadb/10.4/debian-10/Dockerfile
+++ b/bitnami/mariadb/10.4/debian-10/Dockerfile
@@ -8,10 +8,10 @@ ENV HOME="/" \
 
 COPY prebuildfs /
 # Install required system packages and dependencies
-RUN install_packages ca-certificates curl gzip libaio1 libaudit1 libc6 libcap-ng0 libgcc1 libicu63 libjemalloc2 liblzma5 libncurses6 libpam0g libssl1.1 libstdc++6 libtinfo6 libxml2 procps tar zlib1g
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "ini-file" "1.3.0-0" --checksum 41c77c119c1fb01936942bdd7f463f777d5edc29809038f977a7ab78ffdab342
+RUN install_packages acl ca-certificates curl gzip libaio1 libaudit1 libc6 libcap-ng0 libgcc1 libicu63 libjemalloc2 liblzma5 libncurses6 libpam0g libssl1.1 libstdc++6 libtinfo6 libxml2 procps tar zlib1g
+RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "ini-file" "1.3.0-1" --checksum 6126368b4f1d4c6a9682c12280f2bef3c98962d079b26206e19f406cfa631055
 RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "mariadb" "10.4.13-2" --checksum 212cd1644d0e7ff2b0d65e69d0060a6fd9b40243a58c1599ba290a2175150ea7
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "gosu" "1.12.0-0" --checksum 582d501eeb6b338a24f417fededbf14295903d6be55c52d66c52e616c81bcd8c
+RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "gosu" "1.12.0-1" --checksum 51cfb1b7fd7b05b8abd1df0278c698103a9b1a4964bdacd87ca1d5c01631d59c
 RUN apt-get update && apt-get upgrade -y && \
     rm -r /var/lib/apt/lists /var/cache/apt/archives
 RUN mkdir /docker-entrypoint-initdb.d
@@ -19,7 +19,7 @@ RUN mkdir /docker-entrypoint-initdb.d
 COPY rootfs /
 RUN /opt/bitnami/scripts/mariadb/postunpack.sh
 ENV BITNAMI_APP_NAME="mariadb" \
-    BITNAMI_IMAGE_VERSION="10.4.13-debian-10-r42" \
+    BITNAMI_IMAGE_VERSION="10.4.13-debian-10-r43" \
     PATH="/opt/bitnami/common/bin:/opt/bitnami/mariadb/bin:/opt/bitnami/mariadb/sbin:$PATH"
 
 EXPOSE 3306
diff --git a/bitnami/mariadb/10.4/debian-10/prebuildfs/opt/bitnami/scripts/libpersistence.sh b/bitnami/mariadb/10.4/debian-10/prebuildfs/opt/bitnami/scripts/libpersistence.sh
index d4a0b32e1132..a7e977516d3a 100644
--- a/bitnami/mariadb/10.4/debian-10/prebuildfs/opt/bitnami/scripts/libpersistence.sh
+++ b/bitnami/mariadb/10.4/debian-10/prebuildfs/opt/bitnami/scripts/libpersistence.sh
@@ -7,6 +7,7 @@
 
 # Load Generic Libraries
 . /opt/bitnami/scripts/libfs.sh
+. /opt/bitnami/scripts/libos.sh
 . /opt/bitnami/scripts/liblog.sh
 . /opt/bitnami/scripts/libversion.sh
 
@@ -34,14 +35,28 @@ persist_app() {
         warn "No files are configured to be persisted"
         return
     fi
-    local file_to_persist_origin file_to_persist_destination file_to_persist_destination_folder
+    pushd "$install_dir" >/dev/null
+    local file_to_persist_destination file_to_persist_destination_folder
+    local -r tmp_file="/tmp/perms.acl"
     for file_to_persist in "${files_to_persist[@]}"; do
-        file_to_persist_origin="${install_dir}/${file_to_persist}"
         file_to_persist_destination="${persist_dir}/${file_to_persist}"
         file_to_persist_destination_folder="$(dirname "$file_to_persist_destination")"
-        mkdir -p "$file_to_persist_destination_folder"
-        cp -Lr "$file_to_persist_origin" "$file_to_persist_destination_folder"
+        # Get original permissions (except for the root directory, to avoid issues with volumes)
+        find "$file_to_persist" | grep -E -v '^\.$' | xargs getfacl -R > "$tmp_file"
+        # Copy directories to the volume
+        ensure_dir_exists "$file_to_persist_destination_folder"
+        cp -Lr --preserve=links "$file_to_persist" "$file_to_persist_destination_folder"
+        # Restore permissions
+        pushd "$persist_dir" >/dev/null
+        if am_i_root; then
+            setfacl --restore="$tmp_file"
+        else
+            # When running as non-root, don't change ownership
+            setfacl --restore=<(grep -E -v '^# (owner|group):' "$tmp_file")
+        fi
+        popd >/dev/null
     done
+    popd >/dev/null
     # Install the persisted files into the installation directory, via symlinks
     restore_persisted_app "$@"
 }
diff --git a/bitnami/mariadb/10.4/debian-10/rootfs/opt/bitnami/scripts/libmariadb.sh b/bitnami/mariadb/10.4/debian-10/rootfs/opt/bitnami/scripts/libmariadb.sh
index 757478942659..20a1239a9f75 100644
--- a/bitnami/mariadb/10.4/debian-10/rootfs/opt/bitnami/scripts/libmariadb.sh
+++ b/bitnami/mariadb/10.4/debian-10/rootfs/opt/bitnami/scripts/libmariadb.sh
@@ -185,7 +185,7 @@ mysql_configure_replication() {
     if [[ "$DB_REPLICATION_MODE" = "slave" ]]; then
         info "Configuring replication in slave node"
         debug "Checking if replication master is ready to accept connection"
-        while ! echo "select 1" | mysql_remote_execute "mysql" "$DB_MASTER_HOST" "$DB_MASTER_PORT_NUMBER" "$DB_MASTER_ROOT_USER" "$DB_MASTER_ROOT_PASSWORD"; do
+        while ! echo "select 1" | mysql_remote_execute "$DB_MASTER_HOST" "$DB_MASTER_PORT_NUMBER" "mysql" "$DB_MASTER_ROOT_USER" "$DB_MASTER_ROOT_PASSWORD"; do
             sleep 1
         done
         debug "Replication master ready!"
@@ -494,23 +494,20 @@ mysql_execute() {
 #   BITNAMI_DEBUG
 #   DB_*
 # Arguments:
-#   $1 - Database where to run the queries
-#   $2 - Remote MySQL/MariaDB service hostname
-#   $3 - Remote MySQL/MariaDB service port
+#   $1 - Remote MySQL/MariaDB service hostname
+#   $2 - Remote MySQL/MariaDB service port
+#   $3 - Database where to run the queries
 #   $4 - User to run queries
 #   $5 - Password
+#   $6 - Extra MySQL CLI options
 # Returns:
 #   None
 mysql_remote_execute() {
-    local -r db="${1:-}"
-    local -r hostname="${2:?hostname is required}"
-    local -r port="${3:?port is required}"
-    local -r user="${4:?user is required}"
-    local -r pass="${5:-}"
-
-    local -a args=("-N" "-h" "$hostname" "-P" "$port" "-u" "$user" "--connect-timeout=5" "$db")
-    [[ -n "$pass" ]] && args+=("-p$pass")
-    debug_execute "$DB_BIN_DIR/mysql" "${args[@]}"
+    local -r hostname="${1:?hostname is required}"
+    local -r port="${2:?port is required}"
+    local -a args=("-h" "$hostname" "-P" "$port" "--connect-timeout=5")
+    shift 2
+    debug_execute "mysql_execute_print_output" "$@" "${args[@]}"
 }
 
 ########################
@@ -729,6 +726,8 @@ migrate_old_configuration() {
 #   -u|--user - database user
 #   --auth-plugin - authentication plugin
 #   --use-ldap - authenticate user via LDAP
+#   --host - database host
+#   --port - database host
 # Arguments:
 #   $1 - database user
 # Returns:
@@ -744,6 +743,7 @@ mysql_ensure_user_exists() {
     local ssl_ca=""
     # For accessing an external database
     local db_host=""
+    local db_port=""
 
     # Validate arguments
     shift 1
@@ -768,6 +768,10 @@ mysql_ensure_user_exists() {
                 shift
                 db_host="${1:?missing database host}"
                 ;;
+            --port)
+                shift
+                db_port="${1:?missing database port}"
+                ;;
             *)
                 echo "Invalid command line flag $1" >&2
                 return 1
@@ -786,12 +790,9 @@ mysql_ensure_user_exists() {
     fi
     debug "creating database user \'$user\'"
     local -a opts=()
-    if [[ -n "$db_host" ]]; then
-        opts+=("-h${db_host}")
-    fi
-    if [[ -n "$ssl_ca" ]]; then
-        opts+=("--ssl-ca" "$ssl_ca")
-    fi
+    [[ -n "$db_host" ]] && opts+=("-h" "${db_host}")
+    [[ -n "$db_port" ]] && opts+=("-P" "${db_port}")
+    [[ -n "$ssl_ca" ]] && opts+=("--ssl-ca" "$ssl_ca")
     mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" "${opts[@]:-}" <<EOF
 create $([[ "$DB_FLAVOR" = "mariadb" ]] && echo "or replace") user '$user'@'%' $auth_string;
 EOF
@@ -897,20 +898,59 @@ EOF
 #   DB_*
 # Arguments:
 #   $1 - database name
+# Flags:
+#   --character-set - character set
+#   --collation - collation
+#   --host - database host
+#   --port - database port
 # Returns:
 #   None
 #########################
 mysql_ensure_database_exists() {
     local -r database="${1:?database is required}"
-    local -r character_set="${2:-}"
-    local -r collate="${3:-}"
-    local -a extra_args=()
+    local character_set=""
+    local collate=""
+    # For accessing an external database
+    local db_host=""
+    local db_port=""
 
+    # Validate arguments
+    shift 1
+    while [ "$#" -gt 0 ]; do
+        case "$1" in
+            --character-set)
+                shift
+                character_set="${1:?missing character set}"
+                ;;
+            --collate)
+                shift
+                collate="${1:?missing collate}"
+                ;;
+            --host)
+                shift
+                db_host="${1:?missing database host}"
+                ;;
+            --port)
+                shift
+                db_port="${1:?missing database port}"
+                ;;
+            *)
+                echo "Invalid command line flag $1" >&2
+                return 1
+                ;;
+        esac
+        shift
+    done
+
+    local -a extra_args=()
     [[ -n "$character_set" ]] && extra_args=("character set = '${character_set}'")
     [[ -n "$collate" ]] && extra_args=("collate = '${collate}'")
 
+    local -a mysql_execute_cmd=("mysql_execute")
+    [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port")
+
     debug "Creating database $database"
-    mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+    "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
 create database if not exists \`$database\` ${extra_args[@]:-};
 EOF
 }
@@ -922,15 +962,22 @@ EOF
 # Arguments:
 #   $1 - database name
 #   $2 - database user
+#   $3 - database host (optional)
+#   $4 - database port (optional)
 # Returns:
 #   None
 #########################
 mysql_ensure_user_has_database_privileges() {
     local -r user="${1:?user is required}"
     local -r database="${2:?db is required}"
+    local -r db_host="${3:-}"
+    local -r db_port="${4:-}"
+
+    local -a mysql_execute_cmd=("mysql_execute")
+    [[ -n "$db_host" && -n "$db_port" ]] && mysql_execute_cmd=("mysql_remote_execute" "$db_host" "$db_port")
 
     debug "Providing privileges to username $user on database $database"
-    mysql_execute "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
+    "${mysql_execute_cmd[@]}" "mysql" "$DB_ROOT_USER" "$DB_ROOT_PASSWORD" <<EOF
 grant all on \`$database\`.* to '$user'@'%';
 EOF
 }
@@ -941,6 +988,8 @@ EOF
 #   -p|--password - database password
 #   --auth-plugin - authentication plugin
 #   --use-ldap - authenticate user via LDAP
+#   --host - database host
+#   --port - database port
 # Arguments:
 #   $1 - user
 # Returns:
@@ -951,6 +1000,9 @@ mysql_ensure_optional_user_exists() {
     local password=""
     local auth_plugin=""
     local use_ldap="no"
+    # For accessing an external database
+    local db_host=""
+    local db_port=""
 
     # Validate arguments
     shift 1
@@ -967,6 +1019,14 @@ mysql_ensure_optional_user_exists() {
             --use-ldap)
                 use_ldap="yes"
                 ;;
+            --host)
+                shift
+                db_host="${1:?missing database host}"
+                ;;
+            --port)
+                shift
+                db_port="${1:?missing database port}"
+                ;;
             *)
                 echo "Invalid command line flag $1" >&2
                 return 1
@@ -975,15 +1035,16 @@ mysql_ensure_optional_user_exists() {
         shift
     done
 
+    local -a flags=("$user")
+    [[ -n "$db_host" ]] && flags+=("--host" "${db_host}")
+    [[ -n "$db_port" ]] && flags+=("--port" "${db_port}")
     if is_boolean_yes "$use_ldap"; then
-        mysql_ensure_user_exists "$user" "--use-ldap"
+        flags+=("--use-ldap")
     elif [[ -n "$password" ]]; then
-        local -a flags=("-p" "$password")
+        flags+=("-p" "$password")
         [[ -n "$auth_plugin" ]] && flags=("${flags[@]}" "--auth-plugin" "$auth_plugin")
-        mysql_ensure_user_exists "$user" "${flags[@]:-}"
-    else
-        mysql_ensure_user_exists "$user"
     fi
+    mysql_ensure_user_exists "${flags[@]}"
 }
 
 ########################
@@ -991,6 +1052,10 @@ mysql_ensure_optional_user_exists() {
 # full privileges on the database.
 # Flags:
 #   -u|--user - database user
+#   --character-set - character set
+#   --collation - collation
+#   --host - database host
+#   --port - database port
 # Arguments:
 #   $1 - database name
 # Returns:
@@ -1001,6 +1066,9 @@ mysql_ensure_optional_database_exists() {
     local character_set=""
     local collate=""
     local user=""
+    # For accessing an external database
+    local db_host=""
+    local db_port=""
 
     # Validate arguments
     shift 1
@@ -1018,6 +1086,14 @@ mysql_ensure_optional_database_exists() {
                 shift
                 user="${1:?missing database user}"
                 ;;
+            --host)
+                shift
+                db_host="${1:?missing database host}"
+                ;;
+            --port)
+                shift
+                db_port="${1:?missing database port}"
+                ;;
             *)
                 echo "Invalid command line flag $1" >&2
                 return 1
@@ -1026,10 +1102,18 @@ mysql_ensure_optional_database_exists() {
         shift
     done
 
-    mysql_ensure_database_exists "$database" "$character_set" "$collate"
+    local -a flags=("$database")
+    [[ -n "$character_set" ]] && flags+=("--character-set" "$character_set")
+    [[ -n "$collate" ]] && flags+=("--collate" "$collate")
+    [[ -n "$db_host" ]] && flags+=("--host" "$db_host")
+    [[ -n "$db_port" ]] && flags+=("--port" "$db_port")
+    mysql_ensure_database_exists "${flags[@]}"
 
     if [[ -n "$user" ]]; then
-        mysql_ensure_user_has_database_privileges "$user" "$database"
+        local -a grant_flags=("$user" "$database")
+        [[ -n "$db_host" ]] && grant_flags+=("$db_host")
+        [[ -n "$db_port" ]] && grant_flags+=("$db_port")
+        mysql_ensure_user_has_database_privileges "${grant_flags[@]}"
     fi
 }
 
diff --git a/bitnami/mariadb/README.md b/bitnami/mariadb/README.md
index 6dbccc94b2d5..4b795ed618ef 100644
--- a/bitnami/mariadb/README.md
+++ b/bitnami/mariadb/README.md
@@ -44,7 +44,7 @@ Non-root container images add an extra layer of security and are generally recom
 Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/).
 
 
-* [`10.4-debian-10`, `10.4.13-debian-10-r42`, `10.4`, `10.4.13` (10.4/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-mariadb/blob/10.4.13-debian-10-r42/10.4/debian-10/Dockerfile)
+* [`10.4-debian-10`, `10.4.13-debian-10-r43`, `10.4`, `10.4.13` (10.4/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-mariadb/blob/10.4.13-debian-10-r43/10.4/debian-10/Dockerfile)
 * [`10.3-debian-10`, `10.3.23-debian-10-r44`, `10.3`, `10.3.23`, `latest` (10.3/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-mariadb/blob/10.3.23-debian-10-r44/10.3/debian-10/Dockerfile)
 * [`10.2-debian-10`, `10.2.32-debian-10-r44`, `10.2`, `10.2.32` (10.2/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-mariadb/blob/10.2.32-debian-10-r44/10.2/debian-10/Dockerfile)
 * [`10.1-debian-10`, `10.1.45-debian-10-r45`, `10.1`, `10.1.45` (10.1/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-mariadb/blob/10.1.45-debian-10-r45/10.1/debian-10/Dockerfile)