From b3df96c835d2404b2c0348b1536b99a40239c2de Mon Sep 17 00:00:00 2001
From: Nikhil Benesch <nikhil.benesch@gmail.com>
Date: Mon, 6 Dec 2021 01:19:58 -0500
Subject: [PATCH 1/3] mzbuild: fix building from a subdirectory of the repo

---
 misc/python/materialize/mzbuild.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/misc/python/materialize/mzbuild.py b/misc/python/materialize/mzbuild.py
index ade7843d9351c..6932e8ac57138 100644
--- a/misc/python/materialize/mzbuild.py
+++ b/misc/python/materialize/mzbuild.py
@@ -249,7 +249,10 @@ def build(self) -> None:
             # down CI, since we're packaging these binaries up into Docker
             # images and shipping them around. A bit unfortunate, since it'd be
             # nice to have useful backtraces if the binary crashes.
-            spawn.runv([*self.rd.tool("strip"), "--strip-debug", self.path / self.bin])
+            spawn.runv(
+                [*self.rd.tool("strip"), "--strip-debug", self.path / self.bin],
+                cwd=self.rd.root,
+            )
         else:
             # Even if we've been asked not to strip the binary, remove the
             # `.debug_pubnames` and `.debug_pubtypes` sections. These are just
@@ -267,11 +270,14 @@ def build(self) -> None:
                     "-R",
                     ".debug_pubtypes",
                     self.path / self.bin,
-                ]
+                ],
+                cwd=self.rd.root,
             )
         if self.extract:
             output = spawn.capture(
-                cargo_build + ["--message-format=json"], unicode=True
+                cargo_build + ["--message-format=json"],
+                unicode=True,
+                cwd=self.rd.root,
             )
             for line in output.split("\n"):
                 if line.strip() == "" or not line.startswith("{"):

From 82203dd461e3f3b76cee01ab3ae20ea21fc449ec Mon Sep 17 00:00:00 2001
From: Nikhil Benesch <nikhil.benesch@gmail.com>
Date: Mon, 6 Dec 2021 01:21:05 -0500
Subject: [PATCH 2/3] deploy: publish "unstable-COMMIT" tags to Docker Hub
 again

I accidentally removed these tags in 1f57657.
---
 ci/deploy/linux.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ci/deploy/linux.py b/ci/deploy/linux.py
index 0d6e417abb308..74e8cb7c5c0c2 100644
--- a/ci/deploy/linux.py
+++ b/ci/deploy/linux.py
@@ -59,6 +59,7 @@ def main() -> None:
             publish_multiarch_images("latest", deps)
     else:
         publish_multiarch_images("unstable", deps)
+        publish_multiarch_images(f'unstable-{git.rev_parse("HEAD")}', deps)
 
     print("--- Uploading binary tarball")
     for repo in repos:

From f87d77580e4502381e2ad9f7193cda342c4ad6bf Mon Sep 17 00:00:00 2001
From: Nikhil Benesch <nikhil.benesch@gmail.com>
Date: Mon, 6 Dec 2021 01:01:35 -0500
Subject: [PATCH 3/3] chbench: use native password authentication for mysql

For compatibility with the PyMySQL driver on some platforms.
---
 demo/chbench/mysql/Dockerfile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/demo/chbench/mysql/Dockerfile b/demo/chbench/mysql/Dockerfile
index 2db393efdf3a8..6f0dc6959ee9e 100644
--- a/demo/chbench/mysql/Dockerfile
+++ b/demo/chbench/mysql/Dockerfile
@@ -11,3 +11,7 @@ FROM mysql/mysql-server:8.0.27
 
 COPY mysql.cnf /etc/mysql/conf.d/
 COPY replication.sql /docker-entrypoint-initdb.d/
+
+# The caching_sha2_password plugin requires the Python `cryptography` package
+# on the client, which is a somewhat onerous dependency.
+CMD ["mysqld", "--default-authentication-plugin=mysql_native_password"]