This article records the modification of the tidb database version number information. Since this article does not involve many knowledge points and has no technical content, please read with caution and as needed.
origin
Domestic adaptation seems to be popular recently. A project I did in the first half of the year was originally based on mysql. It went through an upgrade from 5.7 to 8.0 and experienced the painful stage of data incompatibility between different versions. Later, Shangfeng gave an order to switch to a domestic database. Considering that MySQL is required in the project to be a low-code platform microservice written in Java, considering the technology stack of the team developers, considering the timeliness, and considering the smooth switching, after multiple considerations and a period of selection, we decided Using TiDB, there was an article recording the compilation and deployment of TiDB. Not long ago, the team responsible for security sent a report saying that major vulnerabilities were found during scanning, one in tomcat and the other in the database. There are more than 20 numbers:
CVE-2023-21912、CVE-2019-3822、CVE-2022-37434、CVE-2021-3711、CVE-2021-22926、CVE-2019-5443、CVE-2019-5482、CVE-2022-43551、CVE-2021-22946、CVE-2022-27778、CVE-2021-2144、CVE-2019-2632、CVE-2023-21980、CVE-2021-22946、CVE-2021-22945、CVE-2021-22901、CVE-2019-17543、CVE-2023-0215、CVE-2022-32221、CVE-2020-1967、CVE-2022-1292、CVE-2022-0778
No matter which one, they all point to it mysql/5.7.25.
The report also gives a link to the official fix:
https://www.oracle.com/security-alerts/cpuapr2023.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuapr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuapr2019.html
Good guy, there are years when my eldest daughter has never been born and can recite "Moonlight before the Bed". No matter which year list, she can't do it, because although TiDB is highly compatible with MySQL, it is not MySQL after all. Just like saying "treat oneself as one's own" clearly means "not being one's own."
But no matter what, if there is a problem, you must always solve it. Find a way to solve it, overcome difficulties and solve it. If others don't understand, you have to go out and solve it yourself.
Troubleshooting and solving
Start solving
First, search on the Internet to find posts related to the TiDB community. This one is a post , and the other is also a post . There is a plan to modify the version number.
[The external link image transfer failed. The source site may have an anti-leeching mechanism. It is recommended to save the image and upload it directly (img-Oo7oxFxo-1691135417973) (2023-08-03-tidb modified version number/image-20230804152153334.png)]
But what it says is that there is a cluster, so this solution cannot be used directly. But TiDB is open source, and I compiled it myself at the time, so I decided to look at the source code. The following is to modify the version number by modifying the source code or configuration file.
identify the problem
Note that the MySQL version mentioned in the vulnerability scan report is 5.7.25. Use mysqlthe command to connect to the TiDB database, and the version number information will be displayed first:
$ mysql -uroot -h 127.0.0.1 -P4000
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 405
Server version: 5.7.25-TiDB- TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatible
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
The TiDB version number information is this line Server version: 5.7.25-TiDB- TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatible. Except for the TiDB version number, everything else is available.
Since 5.7.25it is so important, I searched directly in the source code project and found the clue.
Modify the wording 5.7.25-TiDB-
In parser\mysql\const.go the file, the relevant code snippets are as follows:
// parser\mysql\const.go
// Version information.
var (
// TiDBReleaseVersion is initialized by (git describe --tags) in Makefile.
TiDBReleaseVersion = "None"
// ServerVersion is the version information of this tidb-server in MySQL's format.
ServerVersion = fmt.Sprintf("5.7.25-TiDB-%s", TiDBReleaseVersion)
)
ServerVersionComposed of fixed prefixes 5.7.25-TiDB-and TiDBReleaseVersion.
Continuing the analysis, there config\config.goare definitions of relevant version numbers, as follows:
// config\config.go
ServerVersion string `toml:"server-version" json:"server-version"`
VersionComment string `toml:"version-comment" json:"version-comment"`
TiDBEdition string `toml:"tidb-edition" json:"tidb-edition"`
TiDBReleaseVersion string `toml:"tidb-release-version" json:"tidb-release-version"`
These fields all belong to Configthe structure, and the fields inside are --configthe fields in the configuration file specified on the command line. Among them, TiDBReleaseVersionrepresents the version number released by TiDB and ServerVersionrepresents the overall version number. If the field is not empty (default is empty_ ) , use its value instead.
tidb.tomlTherefore, add the following version number field directly to the configuration file :
server-version = "7.1.1"
#tidb-release-version = "7.1.1"
# TiDB server host.
。。。
Run the database:
./bin/tidb-server --config tidb.toml
Use the connection on another terminal mysql, the information is as follows:
$ mysql -uroot -h 127.0.0.1 -P4000
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 403
Server version: 7.1.1 TiDB Server (Apache License 2.0) Community Edition, MySQL 5.7 compatible
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
However, the version information line still has MySQL 5.7 compatiblewords. At this time it is time to actually move the source code.
Remove the words MySQL 5.7 compatible
, MySQL 5.7 compatibleThere are related strings in the search keywords tidb-server\main.goand sessionctx\variable\sysvar.gofiles. For safety reasons, they are all deleted.
// tidb-server\main.go setGlobalVars函数
if len(cfg.TiDBEdition) > 0 {
versioninfo.TiDBEdition = cfg.TiDBEdition
variable.SetSysVar(variable.VersionComment, "TiDB Server (Apache License 2.0) "+versioninfo.TiDBEdition+" Edition, MySQL 5.7 compatible")
}
// sessionctx\variable\sysvar.go defaultSysVars 数组
{Scope: ScopeNone, Name: VersionComment, Value: "TiDB Server (Apache License 2.0) " + versioninfo.TiDBEdition + " Edition, MySQL 5.7 compatible"},
When connected to the Internet and go is installed, makejust enter it in the project directory. Note that version 1.18 cannot be compiled. Please note undefined: atomic.Boolthat this article can be compiled normally using 1.20.
test
Run the database:
./bin/tidb-server --config tidb.toml
Use the connection on another terminal mysql, the information is as follows:
$ mysql -uroot -h 127.0.0.1 -P4000
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 403
Server version: 7.1.1 TiDB Server (Apache License 2.0) Community Edition
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
At this point, you can see that the version number information has achieved the expected effect.
other instructions
It is worth mentioning that updating the TiDB source code does not affect the data directory. The docker deployment I used has the data directory permanently mounted, which can be quickly applied to different machines. At the current stage, there are already two domestic ARM servers in use. Even on an x86 platform server, the author is running the ARM version of TiDB.
In addition, this article focuses on the modification and verification of version numbers. The TiDB root account has no password by default, and the default port is 4000.
summary
This article records the process from discovering the problem, thinking about the problem, locating the problem, and solving the problem. During this period, I read the source code, compiled the source code, and changed the go compiler. It will take some time to know whether the so-called loophole can really be solved.