Building MySQL From Source with SSL Secure Connections Support


I needed the SSL connection feature for secure offsite replication. The prebuilt binaries do not include the SSL option, so I had to build MySQL from source with the SSL option.

Objectives
- Same directory layout as the standard binary installation.
- Same general features as a typical standard binary installation.
- SSL client connection support.


I performed my source installation with help from the MySQL guide and this Apple Developer article, with notes/clarifications for OS X Tiger.

Starting config: a fresh installation of OS X Tiger with the MySQL standard binary already installed.

If XCode is not installed on your server, install it now. The installer can be found on the OS X Installation DVD. I installed version 2.4 from the OS X Tiger Server 10.4.7 DVD for this exercise.

Before starting, I stopped mysqld, stopped the mysqld startup item (use the PrefPane that comes with the MySQL binary install to do this if you like), and I deleted contents of /usr/local in advance of installation as a precaution in case the old binary interfered with the compiled source install. I also wanted to be sure to recognise if the source installation put stuff in different directories to the typical binary, so deleting the binary install will ensure I recognise that afterward.

The mysql group and user already exist (probably from Apple's included binaries or the earlier standard binary installation I did), so I did not create those.

OpenSSL is already installed as part of OS X:
$ openssl version
OpenSSL 0.9.7i 14 Oct 2005

Turn off auto-expand in your browser and download the tarball source distribution from mysql.com. I downloaded version 4.1.21 and put it in a directory named 'dev' in my server admin home directory. You will find the "Tarball" source distribution on the same page as the corresponding binary downloads at the bottom of the page. There are about a half dozen source distributions listed.

cd into the directory containing the archive and do the following:
$ gunzip < mysql-4.1.21.tar.gz | gnutar -xvf -

$ ls -al
total 34424
drwxr-xr-x   4 admin  staff       136 Nov 21 13:30 .
drwxr-xr-x  17 admin  staff       578 Nov 21 13:26 ..
drwxr-xr-x  59 admin  staff      2006 Jul 19 11:20 mysql-4.1.21
-rw-r--r--   1 admin  staff  17624947 Jul 19 11:21 mysql-4.1.21.tar.gz

$ cd mysql-4.1.21

Then I configured the build using the following; I am sure there could be other options. This is one BIG command (the '\' are continuations), and the default version of gcc at the writing of this article was 4.01.
$ CC=gcc CFLAGS="-O3 -fno-omit-frame-pointer" CXX=gcc \
CXXFLAGS="-O3 -fno-omit-frame-pointer -felide-constructors -fno-exceptions -fno-rtti" \
./configure --prefix=/usr/local/mysql --localstatedir=/usr/local/mysql/data \
--with-extra-charsets=complex --enable-thread-safe-client \
--enable-local-infile --disable-shared --with-vio --with-openssl

After that, run make (which may take a while):
$ make

Next, install, which is quicker:
$ sudo make install

If you look in the /usr/local/mysql directory, you will see that we still don't have a data directory, so now create and initialize the data directory with
$ sudo /usr/local/mysql/bin/mysql_install_db --force

Of course, set the permissions so only mysql has access to the data dir:
$ sudo chown -R mysql:mysql /usr/local/mysql/data

Next, launch mysqld:
$ sudo /usr/local/mysql/bin/mysqld_safe --user=mysql &

Secure the root user in the usual way.

Startup Item
Well, the startup item is not working on these source builds of MySQL, so since Startup Items are being deprecated anyway in OS X Tiger, I just made a launchd plist file similar to those you will find if you google for 'mysql launchd'.


Verifying my SSL capability, log in and...
> show variables like 'have_openssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
+---------------+-------+
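
The two post-install checks from this walkthrough (data directory private to mysql, have_openssl reporting YES) can be scripted so a replication setup can refuse to continue when either fails. This is an added example, not part of the original article; the function names are hypothetical and the paths default to the ones used above.

```shell
#!/bin/sh
# Added example: post-install checks for the build in this article.
# Function names are hypothetical; they are not part of MySQL.

# Print the value of have_openssl from `mysql` output on stdin.
# Handles the boxed table format and the tab-separated batch (-B) format.
have_openssl_value() {
    tr -d '|' | awk '$1 == "have_openssl" { print $2; found = 1 }
                     END { if (!found) exit 1 }'
}

# Succeed only when the server reports YES. Any other value (for example
# NO from a build without SSL) or a missing row counts as a failure.
ssl_build_ok() {
    value=$(have_openssl_value) || return 1
    [ "$value" = "YES" ]
}

# Check one `ls -ld` line: owner and group must be mysql, and the mode
# must grant nothing to group or other (drwx------).
datadir_line_ok() {
    printf '%s\n' "$1" | awk '
        { mode = substr($1, 1, 10) }   # ignore a trailing ACL/xattr flag
        $3 != "mysql" || $4 != "mysql" { bad = 1 }
        substr(mode, 5, 6) != "------" { bad = 1 }
        END { exit (bad + 0) }'
}

# Run both checks on a live install; defaults are this article's paths.
run_checks() {
    datadir=${1:-/usr/local/mysql/data}
    mysql_bin=${2:-/usr/local/mysql/bin/mysql}
    datadir_line_ok "$(ls -ld "$datadir")" ||
        { echo "FAIL: $datadir is not private to mysql"; return 1; }
    "$mysql_bin" -u root -p -e "show variables like 'have_openssl'" |
        ssl_build_ok || { echo "FAIL: have_openssl is not YES"; return 1; }
    echo "OK: data dir private to mysql, SSL support compiled in"
}
```

Source the file and call run_checks on the server; it prompts for the MySQL root password.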


PS. I wrote this article while doing this installation. My next step is to create SSL certificates and make client connections using SSL. Hopefully I will get time to document that here in the next few days.


References:
http://dev.mysql.com/doc/refman/4.1/en/installing-source.html
http://dev.mysql.com/doc/refman/4.1/en/default-privileges.html
http://dev.mysql.com/doc/refman/4.1/en/secure-using-ssl.html


Posted: Tue - November 21, 2006 at 02:14 PM        

