Skip to content

Feature: caching_sha2_password over insecure connections #199

New issue
New issue
Open
#248
Open
Feature: caching_sha2_password over insecure connections#199
#248
@casperisfine

Description

@casperisfine
casperisfine
opened on Aug 28, 2024

I ran into something I don't quite understand the other day when making a gem compatible with trilogy: cainlevy/scenic-mysql_adapter#2 / https://github.com/cainlevy/scenic-mysql_adapter/actions/runs/10516090228/

That gem CI uses the default mysql baked into GitHub Actions ubuntu-latest images:

    steps:
      - uses: actions/checkout@v3
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ${{ matrix.ruby }}
          bundler-cache: true
      - name: Start and create DB
        run: |
          sudo service mysql start
          sleep 10
          mysql -u root -proot -e "CREATE DATABASE scenic_mysql_adapter_test;"
      - name: Run tests
        env:
          DATABASE_URL: ${{ matrix.client }}://root:[email protected]/scenic_mysql_adapter_test
        run: |
          bundle exec rake test

Nothing else changed in the test suite, just the same code using Active Record, one with mysql2 the other with trilogy.

The mysql2 jobs went fine, but the trilogy ones failed to connect with:

ActiveRecord::ConnectionNotEstablished: trilogy_auth_recv: caching_sha2_password requires either TCP with TLS or a unix socket: TRILOGY_UNSUPPORTED
    vendor/bundle/ruby/3.3.0/gems/activerecord-7.2.1/lib/active_record/connection_adapters/trilogy_adapter.rb:34:in `rescue in new_client'
    vendor/bundle/ruby/3.3.0/gems/activerecord-7.2.1/lib/active_record/connection_adapters/trilogy_adapter.rb:30:in `new_client'
    vendor/bundle/ruby/3.3.0/gems/activerecord-7.2.1/lib/active_record/connection_adapters/trilogy_adapter.rb:[17](https://github.com/cainlevy/scenic-mysql_adapter/actions/runs/10516090228/job/29137551437#step:5:18)4:in `connect'
    vendor/bundle/ruby/3.3.0/gems/activerecord-7.2.1/lib/active_record/connection_adapters/trilogy_adapter.rb:182:in `reconnect'
    vendor/bundle/ruby/3.3.0/gems/activerecord-7.2.1/lib/active_record/connection_adapters/abstract_adapter.rb:662:in `block in reconnect!'

So I don't know what mysql2 is doing, if it somehow accept to do caching_sha2 without TLS, or if somehow it fallbacks to another method, but I think we should do the same thing if we want to ease the transition from mysql2 to trilogy.

cc @adrianna-chang-shopify @eileencodes @jhawthorn @matthewd

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions