[12.x] Update schema dump to use new MySQL SSL disable flag

[ziadoz]

#55683 allowed SSL to be disabled when Laravel imports schema SQL. However, the --ssl=off flag was deprecated in 8.0.26 and removed in MySQL 8.0.40: Error: [ERROR] unknown variable 'ssl=off'.

This PR checks the MySQL version and uses the newer --ssl-mode=DISABLED for newer versions.

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-26.html#mysqld-8-0-26-deprecation-removal
https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-0.html#mysqld-8-4-0-deprecation-removal
https://dev.mysql.com/doc/refman/8.4/en/connection-options.html#option_general_ssl-mode

An alternative to this might be a generic LARAVEL_LOAD_(MYSQL|MARIADB|POSTGRES|SQLITE)_OPTS= env var that allows any custom options/flags to be added to the load command.

[github-actions]

Thanks for submitting a PR!

Note that draft PR's are not reviewed. If you would like a review, please mark your pull request as ready for review in the GitHub user interface.

Pull requests that are abandoned in draft may be closed due to inactivity.

[andersonls]

@ziadoz I think it is a little more complicated than that. The availability of this option differs from the MySQL server and client. I'm using the latest MySQL docker image and running Laravel on a php:8.4-fpm-alpine image (with mysql-client installed) and it works fine with --ssl=off

Server

$ docker exec -i mysql80 mysql -V
mysql  Ver 8.0.42 for Linux on x86_64 (MySQL Community Server - GPL)

Client

$ docker exec -i laravel mysql -V
mysql from 11.4.5-MariaDB, client 15.2 for Linux (x86_64) using readline 5.1

$ docker exec -i laravel mysql --ssl-mode=DISABLED
mysql: unknown variable 'ssl-mode=DISABLED'

[ziadoz]

@andersonls That's interesting, thanks for the input. Any thoughts on a better solution? I did wonder if some kind of LARAVEL_LOAD_(MYSQL|MARIADB|POSTGRES|SQLITE)_OPTS= env var that allows extra options to added to the load command would work.

[andersonls]

@ziadoz I did some more digging and testing, and actually it was my mistake. The --ssl-mode=DISABLED is indeed correct and it works even with MySQL 5.X. I think the best approach is to remove the version checking and just use the ssl-mode option. The php-alpine docker image i'm using is pushing me the mariabd-client as a replacement for the mysql-client (hence the from 11.4.5-MariaDB when i ran mysql -V), and mariadb only has the --ssl=off option.

I don't know about the LARAVEL_LOAD_(MYSQL|MARIADB|POSTGRES|SQLITE)_OPTS= env, it seems like a good idea since it gives more flexibility over the parameters passed to the client.

[ziadoz]

@ziadoz I did some more digging and testing, and actually it was my mistake. The --ssl-mode=DISABLED is indeed correct and it works even with MySQL 5.X. I think the best approach is to remove the version checking and just use the ssl-mode option. The php-alpine docker image i'm using is pushing me the mariabd-client as a replacement for the mysql-client (hence the from 11.4.5-MariaDB when i ran mysql -V), and mariadb only has the --ssl=off option.

I think most Linux distros are shipping the MariaDB client/server instead of the MySQL one now, even if they're so far diverged at this point they're separate things, so I expect this will be an issue for anyone using Docker, because the client will be MariaDB and the server will be MySQL.

[ziadoz]

@andersonls I pushed a commit here which checks if the mysql --version contains MariaDB or not. It seems like the only reliable way, as far as I can see at least, to determine if the client is really MySQL or MariaDB. Does this change work for you?

[andersonls]

@andersonls I pushed a commit here which checks if the mysql --version contains MariaDB or not. It seems like the only reliable way, as far as I can see at least, to determine if the client is really MySQL or MariaDB. Does this change work for you?

Yes it does work. But I'm wondering if it shouldn't fallback to the MariaDbSchemaState in this case. I noticed that the mysql alias is deprecated, so at some point it will stop working at all.

$ mysql --version
mysql: Deprecated program name. It will be removed in a future release, use '/usr/bin/mariadb' instead

[ziadoz]

@andersonls I assume the deprecation depends on the Linux distro being used (I'm guessing that's Alpine?). But mysql could easily be symlinked into place when that occurs.

Would falling back to the MariaDbSchemaState class be correct? If we're dumping/loading a MySQL database via the MariaDB client, it seems like it may not produce the correct results.

[andersonls]

@andersonls I assume the deprecation depends on the Linux distro being used (I'm guessing that's Alpine?). But mysql could easily be symlinked into place when that occurs.

That's a good point, and yes, I'm using Alpine at the moment.

Would falling back to the MariaDbSchemaState class be correct? If we're dumping/loading a MySQL database via the MariaDB client, it seems like it may not produce the correct results.

dumping/loading a MySQL database via the MariaDB client is exactly what's happening in my case. I would prefer to fallback to the MariaDB class than adding checks to see which client is installed, but maybe the best approach is to leave it to the user to install the mysql client manually if needed?
I can set the --ssl=off via config file for the mariadb client and if I started having problems with the dump/load commands I would probably find I way to add the mysql binaries to the container and not depend on the Alpine ones.

[ziadoz]

@andersonls The solution I've come up with to resolve this in Docker is to configure the MariaDB client directly in /etc/my.cnf.d/mariadb-client.cnf:

[mariadb-client]
ssl=off

I do think it would be nice if we were able to add additional options/flags onto these schema dumping/loading classes, but one for another day perhaps.

[andersonls]

@taylorotwell what's your thought on this? Should I create a new PR to change the option to --ssl-mode=DISABLED?