Database Reference
In-Depth Information
MariaDB package security
The packages provided by the MariaDB developers are signed with a security key
so that they can be verified by package managers such as Yum and Apt. The key
signing and verification infrastructure on Linux is called
Gnu Privacy Guard
(
GPG
).
It is a compatible Open Source version of
Pretty Good Privacy
(
PGP
) which is an
industry standard data encryption, decryption, and verification system.
The identification number (GPG ID) of the MariaDB signing key is
0xcbcb082a1bb943db
. For long-time users of GPG, this ID may seem a little long.
That's because until recently, it was common to share a short form of the GPG ID.
This is discouraged now because of a GPG's vulnerability; however many utilities
will still display the short form by default. The long form of the ID is more secure,
so this is what the MariaDB developers share when talking about the key. But,
in case we want it, the short form of the ID is
1BB943DB
(it's just the last eight
characters of the long form ID). For the extra cautious, the full key fingerprint is:
1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB
The key IDs and fingerprint are also posted in the MariaDB Knowledgebase,
which is the official location of the MariaDB documentation and is available at
https://mariadb.com/kb/en/gpg/
.
By checking the signature of the packages, Linux package managers, and more
importantly, we, can verify whether the package that comes from the MariaDB
developers and hasn't been tampered with since they created it.
When configuring the MariaDB repository on Debian and Ubuntu, and during the
initial MariaDB install on Fedora, Red Hat, and CentOS, an important task is to
import the signing key. It's a good idea to verify the key by comparing it to the IDs
and the fingerprint when doing so. Thankfully, this is a one-time operation. Once
the key is imported the process is fully automatic. We'll only be notified if the
signature check fails.
After the installation
After installing MariaDB, we can quickly test that MariaDB is up and running by
opening a terminal or command-line window and running the following command
(on Windows we can also open the mysql client .exe in the MariaDB folder):
mysql -u root -p
This command connects to MariaDB as the root user (
-u root
) and prompts for the
password of that user (
-p
). When prompted, type in the password configured during
the install. If no password was set during the install, remove
-p
. Until a password is
set we can connect without a password.
