Book Image

Getting Started with MariaDB

By : Daniel Bartholomew
Book Image

Getting Started with MariaDB

By: Daniel Bartholomew

Overview of this book

MariaDB is a database that has become very popular in the few short years that it has been around. It does not require a big server or expensive support contract. It is also powerful enough to be the database of choice for some of the biggest and most popular websites in the world, taking full advantage of the latest computing hardware available. From installing and configuring through basic usage and maintenance, each chapter in this revised and expanded guide leads on sequentially and logically from the one before it, introducing topics in their natural order so you learn what you need, when you need it. The book is based on the latest release of MariaDB and covers all the latest features and functions. By the end of this beginner-friendly book, not only will you have a running installation of MariaDB, but you will have practical, hands-on experience in the basics of how to install, configure, administer, use, and maintain it.
Table of Contents (16 chapters)
Getting Started with MariaDB Second Edition
About the Author
About the Reviewers
MariaDB Next Steps

MariaDB package security

The packages provided by the MariaDB developers are signed with a security key so that they can be verified by package managers such as yum and apt. The key signing and verification infrastructure on Linux is called Gnu Privacy Guard (GPG). It is a compatible open source version of Pretty Good Privacy (PGP), which is an industry standard data encryption, decryption, and verification system.

The identification number (GPG ID) of the MariaDB signing key is 0xcbcb082a1bb943db. For longtime users of GPG, this ID may seem a little long. That's because, until recently, it was common to share a short form of the GPG ID. This is discouraged now because of a GPG vulnerability discovered a couple years ago; however, many utilities will still display the short form by default. The long form of the ID is more secure, so this is what the MariaDB developers share when talking about the key. But, in case we want it, the short form of the ID is 1BB943DB (it's just the last eight characters of the long form ID). For the extra cautious, the full key fingerprint is:

1993 69E5 404B D5FC 7D2F E43B CBCB 082A 1BB9 43DB

The key IDs and fingerprint are also posted in the MariaDB Knowledge Base, which is the official location of the MariaDB documentation and is available from:

By checking the signature of the packages, Linux package managers, and more importantly, WE can verify whether the package that comes from the MariaDB developers and hasn't been tampered with since they created it.

When configuring the MariaDB repository on Debian and Ubuntu and during the initial MariaDB install on Fedora, Red Hat, and CentOS, an important task is to import the signing key. It's a good idea to verify the key by comparing it to the IDs and the fingerprint when doing so. Thankfully, this is a one-time operation. Once the key is imported, the process is fully automatic. We will only be notified if the signature check fails.

For MariaDB Windows, binary Linux, and the MariaDB source code files, we can verify them in two ways, first is by comparing the md5sum of the file we downloaded with the md5sum posted on the MariaDB downloads page next to the file. The second way is to use PGP or GPG to verify the cryptographic signature of the file. These signatures are also posted on the MariaDB downloads page.