weixin_39633102 2020-11-21 19:52

Implement PS-3879 (Encrypted temporary files)

https://jira.percona.com/browse/PS-3879

Introduced new global non-dynamic boolean variable 'encrypt_tmp_files' which, when turned on, enables encryption of temporary files created for various server needs (MyISAM 'OPTIMIZE' / 'REPAIR', filesort, etc.). For each individual file a new random key is generated using 'my_rand_buffer()' upon opening (no encryption / key storage plugin is involved in this process). File data is encrypted using AES 256-bit algorithm in CBC block mode.

Cherry-picked commit MariaDB/server "MDEV-8126 encryption for temp files"

Cherry-picked commit MariaDB/server "always use my_b_pread() instead of mysql_file_pread()"

Cherry-picked commit MariaDB/server "my_b_fill, inline my_b_* functions instead of hairy macros"

Cherry-picked commit MariaDB/server "misc IO_CACHE cleanups"

Cherry-picked commit MariaDB/server "MDEV-10001 my_b_seek() may not work correctly after my_b_read() hits EOF"

Cherry-picked commit MariaDB/server "MDEV-9044 : Binlog corruption in Galera"

Cherry-picked commit MariaDB/server "MDEV-10508 Mariadb crash on out of disk space during dump import"

Cherry-picked commit MariaDB/server "myisam/aria: don't mess with IO_CACHE::file"

Cherry-picked commit MariaDB/server "add P_S instrumentation to file operations in mf_iocache2.c"

Cherry-picked commit MariaDB/server "fix encryption.tempfiles to check that encrypt_tmp_files is ON"

Cherry-picked commit MariaDB/server "MDEV-14868 MariaDB server crashes after using ROLLBACK TO when encrypt_tmp_files=ON"

Cherry-picked commit MariaDB/server "MDEV-14868 MariaDB server crashes after using ROLLBACK TO when encrypt_tmp_files=ON"

In contrast to MariaDB we preserve original 'my_b_fill()' implementation for non-encrypted mode and use 'return _my_b_read(info, 0, 0) ? 0 : info->read_end - info->read_pos;' only when 'MY_ENCRYPT' flag is set.

Applied experimental fix for MDEV-10259 "mysqld crash with certain statement length and order with Galera and encrypt-tmp-files=1" (https://jira.mariadb.org/browse/MDEV-10259) (http://lists.askmonty.org/pipermail/commits/2018-March/012144.html) Fixed a problem in 'my_b_encr_read()' with updating 'read_end' and 'pos_in_file'.

Fixed problem in group_replication plugin code: 'Transaction_Message::append_cache()' method could call 'my_b_fill()' in case when 'info->read_pos != info->read_end' which is not supported in the encrypted mode.

Fixed "my_aes.h" interface to be plain C compatible.

Re-recorded 'main.mysqld--help-notwin' MTR test case because of the new '--encrypt-tmp-files' system variable.

Fixed 'perfschema.show_sanity' MTR test case because of the new '--encrypt-tmp-files' system variable.

Re-recorded 'perfschema.relaylog' and 'rpl.rpl_binlog_sender_fseek' MTR test cases because of the commit MariaDB/server "add P_S instrumentation to file operations in mf_iocache2.c". Additional seek was already there, just not instrumented and therefore not reflected in statistics.

Added new 'sys_vars.enctypt_tmp_files_basic' MTR test case for the new 'encrypt_tmp_files' system variable.

Added 'mf_iocache-t' gunit test which tests basic 'io_cache' functionality in encrypted / unencrypted mode.

Various formatting and spelling fixes.

This question comes from the open-source project: percona/percona-server


  • weixin_39633102 2020-11-21 19:52

    Jenkins build link http://jenkins.percona.com/view/5.7/job/mysql-5.7-param/1035
