zypper dup installed mariadb on a server

My Tumbleweed install consists of a “Minimal server selection (text mode)” plus extra dependencies: https://github.com/jpluimers/OpenSuSE.Tumbleweed.Server-Install/blob/master/README.rst

How do I check why a dependency got pulled into a zypper dup?

The massive GCC5 update suddenly installed mariadb (which advertises itself MySQL which it isn’t, it’s a MySQL replacement):

Message from package mariadb:</code>

You just installed MySQL server for the first time.

You can start it using:
rcmysql start

During first start empty database will be created for your automatically.

To do so, start the server, then issue the following commands:

'/usr/bin/mysqladmin' -u root password 'new-password'
'/usr/bin/mysqladmin' -u root -h misibook password 'new-password'

Alternatively you can run:

which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.

Quick and dirty test is to try “zypper rm mariadb” and see what it suggests to remove additionally.

rpm -q --whatrequires mariadb ?

Or rather “rpm -q --whatrequires mysql”.

Packages do not require mariadb explicitely, they require mysql which is provided by mysql-community-server and mariadb.

Good point!

Thanks a lot. Seems there is no dependency (see below).

But this got me thinking: could this be the “Web and LAMP Server” pattern got extended? It wasn’t a replacement of mysql with mariadb (see the zypper dup log further below).

**revue:/etc #** zypper rm mariadbLoading repository data...
Reading installed packages...
Resolving package dependencies...

The following package is going to be REMOVED:

1 package to remove.
After the operation, 78.7 MiB will be freed.
**Continue? [y/n/? shows all options] (y): y**
(1/1) Removing mariadb-10.0.17-1.3 .....................................................................................................................................................................................................[done]

Found back the log of the original update: see this gist https://gist.github.com/jpluimers/4de28600df3fdf4a2ce8

MariaDB has been the default in the LAMP server pattern for years now (since 12.3, if I’m not mistaken)

You are right. But it also leads to new questions.

I went through my original log of installation screenshots. It indeed installed mariadb, but it did not give any message about manual security modifications needed.

So: since when is that required? and why?
Would the big GCC5 update have caused this?

This message is printed on installation or update of the package if no database tables exist.

It should have been printed during the original installation too.

The question is whether this makes sense on updates…

So: since when is that required? and why?

It is not really required.
It is just recommended for security reasons. The default is to allow the mysql root user root to connect without a password (but from localhost only, as listening on the network is turned off by default), obviously you wouldn’t want that on a mysql server in your network or the Internet… :wink:

But even with the default settings it might be problematic, as every local user can connect (with full powers) by specifying “root” as username, no password needed.

Would the big GCC5 update have caused this?

No. Definitely not.

bor@opensuse:~/src/llvm/tools/clang> rpm -q --whatrequires glibc

I doubt all other of 4115 installed packages do not really need glibc … you will need to loop through what mariadb provides if you want to go this route. Mandrake urpmq was excellent in giving recursive dependency information.

Kinda shame, I remember using -wr in the past with decent results.

Packages require the libraries directly, not some specific lib package, at least for the dependencies auto-generated by rpmbuild.
So, packages require i.e. libc.so.6, not glibc.

Try “rpm -q --whatrequires libc.so.6” and you’ll get a much longer list… :wink:

But of course, you will miss packages then that do require glibc, and not libc.so.6.

Another option would be to use zypper though:

zypper se -i --requires glibc

This will list all installed packages (’-i’ means to only list installed ones) that require the package glibc.
And “zypper se” also has these options: --recommends, --conflicts, --suggests, --obsoletes
I think you can even combine several into one query.

But even with zypper, “zypper se --requires mariadb” won’t find much (only the mariadb packages themselves, and the akonadi source package), you need to specify “mysql” as well. In the case of glibc and other libraries, it seems to be fine though.

I would not rely on this. It does no miracles.

bor@opensuse:~> LC_ALL=C LANG=C zypper --no-refresh se -i --requires --match-exact glibc 
Loading repository data...
Reading installed packages...

S | Name         | Summary                                             | Type   
i | glibc-devel  | Include Files and Libraries Mandatory for Develop-> | package
i | glibc-extra  | Extra binaries from GNU C Library                   | package
i | glibc-locale | Locale Data for Localized Programs                  | package
i | liblockdev1  | The header files for the lockdev library            | package
i | nscd         | Name Service Caching Daemon                         | package
i | valgrind     | Memory Management Debugger                          | package

It looks like it returns all packages because by default zypper does case insensitive substring search and so matches something like

bor@opensuse:~> rpm -q --provides glibc  | grep GLIBC

I really miss real recursive dependencies search as was present in URPM toolset.

You’re probably right, yes.

But I’d say that’s exactly what you want in this case, i.e. for finding out what requires glibc.
And it should also work with other lib packages, as a package would either require libxxx or libxxx.so.x.

It does no miracles.

Of course it doesn’t.
But I suppose URPM does neither… :wink:

Never used that though, so I’m not really sure what you mean exactly with “recursive dependencies search”.
That package x is listed as requiring z, if it requires y which in turn requires z?
For that “zypper rm” as you wrote (maybe with the --dry-run/-D option) is probably the best way, yes.
Or “rpm -e --test xxx”.

bor@opensuse:~> LC_ALL=C LANG=C zypper --no-refresh se -i --requires libopenssl1_0_0
Loading repository data...
Reading installed packages...

S | Name             | Summary                                         | Type   
i | libopenssl-devel | Include Files and Libraries mandatory for Dev-> | package
bor@opensuse:~> rpm -q --provides libopenssl1_0_0
libopenssl1_0_0 = 1.0.1k-2.24.1
libopenssl1_0_0(x86-64) = 1.0.1k-2.24.1
bor@opensuse:~> LC_ALL=C LANG=C zypper --no-refresh se -i --requires 'libssl.so.1.0.0()(64bit)'
Loading repository data...
Reading installed packages...

S | Name                       | Summary                               | Type   
i | cups                       | The Common UNIX Printing System       | package
i | cups-libs                  | Libraries for CUPS                    | package
i | git-core                   | Core git tools                        | package
i | gnome-vfs2                 | The GNOME 2.x Desktop Virtual File -> | package
... long list 

But I suppose URPM does neither…

When user asks question “which packages require package foo” user is actually interested in answer similar to"can I remove package foo without breaking my system", or, in reverse, “what packages must I install additionally if I want to install package foo”. zypper answers different question - what package has “provide” attribute that matches string “foo”. This is entirely different and too low level to be of real use. It is useful, but for a developer, not a user.

urmpq gave exactly the right answer. “urpmq --requires foo” prints the list of packages that require package foo. This is effectively

for i in $(rpm -q --provides foo); do
zypper search --match-exact $i

except zypper does not provide nice scripting interface for it.

That package x is listed as requiring z, if it requires y which in turn requires z?

That was “urpmq --requires-recursive”. It is effectively list you get when you try “zypper rm”.

Thanks again. In the mean time I’ve installed a remove/install cycle of mariadb to see if it re-shows the message and it does.

Since I’m not in need of mariadb right now, but might need it in the future I think that is great.

Finally I got rid of both mariadb stuff and ensured the pattern is also gone and tested if the dup doesn’t reinstall them:

zypper remove patterns-openSUSE-lamp_server
zypper remove mariadb-client mariadb-errormessages
zypper dup

Everything is fine now. Thanks again.