"Plugin caching_sha2_password could not be loaded" references mariadb file from mysql service

I’m using hosted gitlab and stock gitlab CI. This is similar to something I’ve seen many times before, where MySQL defaults to using an auth module that was not supported by PHP (or other client, as in this question), but this time it’s entirely reversed: my PHP instance is configured correctly but MySQL is missing the plugin!

Before anyone suggests it, downgrading the config to use mysql_native_password is not a solution – that’s just hiding the problem. Downgrading to MySQL 5.7 is also not an option (auth works, but we require 8.0 features).

The error output looks like this:

The command "mysql --user="${:LARAVEL_LOAD_USER}" --password="${:LARAVEL_LOAD_PASSWORD}" --host="${:LARAVEL_LOAD_HOST}" --port="${:LARAVEL_LOAD_PORT}" --database="${:LARAVEL_LOAD_DATABASE}" < "${:LARAVEL_LOAD_PATH}"" failed.
Exit Code: 1(General error)
Working directory: /builds/myapp
Error Output:
ERROR 1045 (28000): Plugin caching_sha2_password could not be loaded: /usr/lib/x86_64-linux-gnu/mariadb19/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory

My gitlab-ci.yml references mysql 8 in the most vanilla way:

  stage: build
    - mysql:8.0

My PHP config (which includes the correct auth plugin):

Client API library version => mysqlnd 7.4.1
Loaded plugins => mysqlnd,debug_trace,auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password,auth_plugin_caching_sha2_password,auth_plugin_sha256_password

The error appears to be thrown by the mysql command-line client rather than PHP, but the problem is clearly at the server end. What is very suspicious is the path it says is missing:


Why on earth would a stock install of mysql be referencing a MariaDB plugin?

I can only conclude that the mysql service provided by gitlab is some custom image rather than a stock MySQL. Where/how should I report this bug?

I have tracked down the source of this bug. It’s in the popular gitlab-ci-pipeline-php package, which installs the MariaDB client instead of real MySQL, so it is not compatible with the stock GitLab MySQL service. We are stuck until this is fixed – it’s awaiting merge of my PR to do that.

1 Like

Until this issue is fixed, can anyone recommend another PHP CI image for GitLab that doesn’t suffer this problem?

Why not try it with an other image?

I used:

  image: ubuntu:20.04
      - mysql:8.0


    - apt -y update
    - apt -y install apt-utils
    - apt -y install net-tools python3.8 python3-pip mysql-client libmysqlclient-dev
    - apt -y upgrade
    - pip3 install -r requirements.txt

Worked for a Django project. Of course you use the image and python version that comes closes to your production environment.

I found a workaround:

    - name: mysql:8.0
      command: [ "--default-authentication-plugin=mysql_native_password" ]

This makes the mysql command line client use the older, less secure auth mechanism that MariaDB supports.