From 887c7c8cd6a51662ac95fa81895a8f871e7e90f8 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 17:49:11 +0200
Subject: [PATCH 01/46] Script to generate certificates

---
 tools/ci/gen-certificates.py | 65 ++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100755 tools/ci/gen-certificates.py

diff --git a/tools/ci/gen-certificates.py b/tools/ci/gen-certificates.py
new file mode 100755
index 000000000..32f24b920
--- /dev/null
+++ b/tools/ci/gen-certificates.py
@@ -0,0 +1,65 @@
+#!/usr/bin/env python3
+# Copyright (c) 2026 Ruben Perez Hidalgo (rubenperez038 at gmail dot com)
+#
+# Distributed under the Boost Software License, Version 1.0. (See
+# accompanying file LICENSE.txt)
+#
+
+# Generates the ca and certificates used for CI testing.
+# Usage: python gen-certificates.py [output-dir]
+
+import os
+import subprocess
+import sys
+import stat
+
+
+def _run_openssl(*args: str) -> None:
+    print(f' + {" ".join(args)}')
+    subprocess.run(['openssl', *args], check=True)
+
+
+def main() -> None:
+    output_dir = sys.argv[1] if len(sys.argv) > 1 else '/opt/ci-tls-mysql'
+    os.makedirs(output_dir, exist_ok=True)
+    os.chdir(output_dir)
+
+    ca_key = os.path.join(output_dir, 'ca-key.pem')
+    ca_crt = os.path.join(output_dir, 'ca-cert.pem')
+    server_key = os.path.join(output_dir, 'server-key.pem')
+    server_csr = os.path.join(output_dir, 'server.csr')
+    server_crt = os.path.join(output_dir, 'server-cert.pem')
+
+    # CA private key
+    _run_openssl('genpkey', '-algorithm', 'RSA', '-out', ca_key, '-pkeyopt', 'rsa_keygen_bits:2048')
+
+    # CA certificate
+    _run_openssl(
+        'req', '-x509', '-new', '-nodes', '-key', ca_key, '-sha256',
+        '-days', '20000', '-out', ca_crt,
+        '-subj', '/C=ES/O=Boost.MySQL CI CA/OU=IT/CN=boost-mysql-ci-ca',
+    )
+
+    # Server private key
+    _run_openssl('genpkey', '-algorithm', 'RSA', '-out', server_key, '-pkeyopt', 'rsa_keygen_bits:2048')
+
+    # Server certificate
+    _run_openssl(
+        'req', '-new', '-key', server_key, '-out', server_csr,
+        '-subj', '/C=ES/O=Boost.MySQL CI CA/OU=IT/CN=mysql',
+    )
+    _run_openssl(
+        'x509', '-req', '-in', server_csr, '-CA', ca_crt, '-CAkey', ca_key,
+        '-CAcreateserial', '-out', server_crt, '-days', '20000', '-sha256',
+    )
+    os.remove(server_csr)
+    os.remove(ca_key)
+
+    # Required when running with Docker because of mismatched user IDs
+    read_only = stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH  # 444
+    for name in os.listdir(output_dir):
+        os.chmod(os.path.join(output_dir, name), read_only)
+
+
+if __name__ == '__main__':
+    main()

From 5e9cde5fa3710ba4ca67dd1e549ce99d37181108 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 17:59:01 +0200
Subject: [PATCH 02/46] Read tA certificate dynamically

---
 .../include/test_integration/server_ca.hpp    | 43 -------------------
 test/integration/test/handshake.cpp           | 28 +++++++++---
 2 files changed, 23 insertions(+), 48 deletions(-)
 delete mode 100644 test/integration/include/test_integration/server_ca.hpp

diff --git a/test/integration/include/test_integration/server_ca.hpp b/test/integration/include/test_integration/server_ca.hpp
deleted file mode 100644
index 7ced5d3e7..000000000
--- a/test/integration/include/test_integration/server_ca.hpp
+++ /dev/null
@@ -1,43 +0,0 @@
-//
-// Copyright (c) 2019-2025 Ruben Perez Hidalgo (rubenperez038 at gmail dot com)
-//
-// Distributed under the Boost Software License, Version 1.0. (See accompanying
-// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
-//
-
-#ifndef BOOST_MYSQL_TEST_INTEGRATION_INCLUDE_TEST_INTEGRATION_SERVER_CA_HPP
-#define BOOST_MYSQL_TEST_INTEGRATION_INCLUDE_TEST_INTEGRATION_SERVER_CA_HPP
-
-namespace boost {
-namespace mysql {
-namespace test {
-
-// The CA file that signed the server's certificate
-constexpr const char CA_PEM[] = R"%(-----BEGIN CERTIFICATE-----
-MIIDZzCCAk+gAwIBAgIUWznm2UoxXw3j7HCcp9PpiayTvFQwDQYJKoZIhvcNAQEL
-BQAwQjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxDjAMBgNVBAoM
-BW15c3FsMQ4wDAYDVQQDDAVteXNxbDAgFw0yMDA0MDQxNDMwMjNaGA8zMDE5MDgw
-NjE0MzAyM1owQjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxDjAM
-BgNVBAoMBW15c3FsMQ4wDAYDVQQDDAVteXNxbDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAN0WYdvsDb+a0TxOGPejcwZT0zvTrf921mmDUlrLN1Z0hJ/S
-ydgQCSD7Q+6za4lTFZCXcvs52xvvS2gfC0yXyYLCT/jA4RQRxuF+/+w1gDWEbGk0
-KzEpsBuKrEIvEaVdoS78SxInnW/aegshdrRRocp4JQ6KHsZgkLTxSwPfYSUmMUo0
-cRO0Q/ak3VK8NP13A6ZFvZjrBxjS3cSw9HqilgADcyj1D4EokvfI1C9LrgwgLlZC
-XVkjjBqqoMXGGlnXOEK+pm8bU68HM/QvMBkb1Amo8pioNaaYgqJUCP0Ch0iu1nUU
-HtsWt6emXv0jANgIW0oga7xcT4MDGN/M+IRWLTECAwEAAaNTMFEwHQYDVR0OBBYE
-FNxhaGwf5ePPhzK7yOAKD3VF6wm2MB8GA1UdIwQYMBaAFNxhaGwf5ePPhzK7yOAK
-D3VF6wm2MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAoeJCAX
-IDCFoAaZoQ1niI6Ac/cds8G8It0UCcFGSg+HrZ0YujJxWIruRCUG60Q2OAbEvn0+
-uRpTm+4tV1Wt92WFeuRyqkomozx0g4CyfsxGX/x8mLhKPFK/7K9iTXM4/t+xQC4f
-J+iRmPVsMKQ8YsHYiWVhlOMH9XJQiqERCB2kOKJCH6xkaF2k0GbM2sGgbS7Z6lrd
-fsFTOIVx0VxLVsZnWX3byE9ghnDR5jn18u30Cpb/R/ShxNUGIHqRa4DkM5la6uZX
-W1fpSW11JBSUv4WnOO0C2rlIu7UJWOROqZZ0OsybPRGGwagcyff2qVRuI2XFvAMk
-OzBrmpfHEhF6NDU=
------END CERTIFICATE-----
-)%";
-
-}  // namespace test
-}  // namespace mysql
-}  // namespace boost
-
-#endif
diff --git a/test/integration/test/handshake.cpp b/test/integration/test/handshake.cpp
index 819f1569e..193809f11 100644
--- a/test/integration/test/handshake.cpp
+++ b/test/integration/test/handshake.cpp
@@ -26,8 +26,11 @@
 #include <boost/test/data/test_case.hpp>
 #include <boost/test/unit_test.hpp>
 
+#include <cerrno>
+#include <fstream>
 #include <ostream>
 #include <string>
+#include <system_error>
 #include <utility>
 #include <vector>
 
@@ -39,7 +42,6 @@
 #include "test_common/source_location.hpp"
 #include "test_integration/any_connection_fixture.hpp"
 #include "test_integration/connect_params_builder.hpp"
-#include "test_integration/server_ca.hpp"
 #include "test_integration/server_features.hpp"
 #include "test_integration/tcp_connection_fixture.hpp"
 
@@ -51,6 +53,22 @@ namespace data = boost::unit_test::data;
 
 namespace {
 
+// Retrieves the CA certificate that signed the server's certificate
+std::string read_ca_pem()
+{
+    auto path = safe_getenv("BOOST_MYSQL_CA_CERTIFICATE", "/opt/ci-tls-mysql/ca-cert.pem");
+    std::ifstream ifs(path);
+    if (!ifs)
+        throw std::system_error(errno, std::system_category(), "Failed to open " + std::string(path));
+    return std::string(std::istreambuf_iterator<char>(ifs), std::istreambuf_iterator<char>());
+}
+
+string_view get_ca_pem()
+{
+    static std::string res = read_ca_pem();
+    return res;
+}
+
 BOOST_AUTO_TEST_SUITE(test_handshake)
 
 // Handshake is the most convoluted part of MySQL protocol,
@@ -362,7 +380,7 @@ BOOST_AUTO_TEST_CASE(certificate_valid)
     // Setup
     asio::ssl::context ssl_ctx(asio::ssl::context::tls_client);
     ssl_ctx.set_verify_mode(boost::asio::ssl::verify_peer);
-    ssl_ctx.add_certificate_authority(boost::asio::buffer(CA_PEM));
+    ssl_ctx.add_certificate_authority(boost::asio::buffer(get_ca_pem()));
     any_connection_fixture fix(ssl_ctx);
 
     // Connect works
@@ -390,7 +408,7 @@ BOOST_AUTO_TEST_CASE(custom_certificate_verification_success)
     // Setup
     asio::ssl::context ssl_ctx(asio::ssl::context::tls_client);
     ssl_ctx.set_verify_mode(boost::asio::ssl::verify_peer);
-    ssl_ctx.add_certificate_authority(boost::asio::buffer(CA_PEM));
+    ssl_ctx.add_certificate_authority(boost::asio::buffer(get_ca_pem()));
     ssl_ctx.set_verify_callback(boost::asio::ssl::host_name_verification("mysql"));
     any_connection_fixture fix(ssl_ctx);
 
@@ -405,7 +423,7 @@ BOOST_AUTO_TEST_CASE(custom_certificate_verification_error)
     // Setup
     asio::ssl::context ssl_ctx(asio::ssl::context::tls_client);
     ssl_ctx.set_verify_mode(boost::asio::ssl::verify_peer);
-    ssl_ctx.add_certificate_authority(boost::asio::buffer(CA_PEM));
+    ssl_ctx.add_certificate_authority(boost::asio::buffer(get_ca_pem()));
     ssl_ctx.set_verify_callback(boost::asio::ssl::host_name_verification("host.name"));
     any_connection_fixture fix(ssl_ctx);
 
@@ -422,7 +440,7 @@ BOOST_FIXTURE_TEST_CASE(tcp_ssl_connection_, io_context_fixture)
     // Setup
     asio::ssl::context ssl_ctx(asio::ssl::context::tls_client);
     ssl_ctx.set_verify_mode(boost::asio::ssl::verify_peer);
-    ssl_ctx.add_certificate_authority(boost::asio::buffer(CA_PEM));
+    ssl_ctx.add_certificate_authority(boost::asio::buffer(get_ca_pem()));
     ssl_ctx.set_verify_callback(boost::asio::ssl::host_name_verification("host.name"));
     tcp_ssl_connection conn(ctx, ssl_ctx);
     auto params = connect_params_builder().build_hparams();

From 854d9862d8db485cafb4d5c64823e82afb9ba554 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 18:01:58 +0200
Subject: [PATCH 03/46] Initial docker compose

---
 tools/scripts/docker-compose.yml | 54 ++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 tools/scripts/docker-compose.yml

diff --git a/tools/scripts/docker-compose.yml b/tools/scripts/docker-compose.yml
new file mode 100644
index 000000000..c83ebeb88
--- /dev/null
+++ b/tools/scripts/docker-compose.yml
@@ -0,0 +1,54 @@
+services:
+  mysql-5.7.41:
+    container_name: mysql-5.7.41
+    image: mysql:5.7.41
+    network_mode: host
+    environment:
+      MYSQL_ALLOW_EMPTY_PASSWORD: "1"
+      MYSQL_ROOT_PASSWORD: ""
+    volumes:
+      - /opt/ci-tls-mysql:/tls
+      - /var/run/mysqld:/var/run/mysqld
+    command: >
+      /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \
+        /usr/local/bin/docker-entrypoint.sh mysqld \
+          --ssl-ca=/tls/ca-cert.pem \
+          --ssl-cert=/tls/server-cert.pem \
+          --ssl-key=/tls/server-key.pem
+        '
+
+  mysql-8.4.1:
+    container_name: mysql-8.4.1
+    image: mysql:8.4.1
+    network_mode: host
+    environment:
+      MYSQL_ALLOW_EMPTY_PASSWORD: "1"
+      MYSQL_ROOT_PASSWORD: ""
+    volumes:
+      - /opt/ci-tls-mysql:/tls
+      - /var/run/mysqld:/var/run/mysqld
+    command: >
+      /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \
+        /usr/local/bin/docker-entrypoint.sh mysqld \
+          --mysql-native-password=ON \
+          --ssl-ca=/tls/ca-cert.pem \
+          --ssl-cert=/tls/server-cert.pem \
+          --ssl-key=/tls/server-key.pem
+        '
+  mysql-9.4.0:
+    container_name: mysql-9.4.0
+    image: mysql:9.4.0
+    network_mode: host
+    environment:
+      MYSQL_ALLOW_EMPTY_PASSWORD: "1"
+      MYSQL_ROOT_PASSWORD: ""
+    volumes:
+      - /opt/ci-tls-mysql:/tls
+      - /var/run/mysqld:/var/run/mysqld
+    command: >
+      /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \
+        /usr/local/bin/docker-entrypoint.sh mysqld \
+          --ssl-ca=/tls/ca-cert.pem \
+          --ssl-cert=/tls/server-cert.pem \
+          --ssl-key=/tls/server-key.pem
+        '

From dcdd9e424db8bbd7ba149da06ba965b1ada50548 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 19:42:22 +0200
Subject: [PATCH 04/46] coverage prototype

---
 .github/workflows/coverage.yml       | 31 +++++++++++-----------------
 tools/ci/docker-compose-coverage.yml | 27 ++++++++++++++++++++++++
 2 files changed, 39 insertions(+), 19 deletions(-)
 create mode 100644 tools/ci/docker-compose-coverage.yml

diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 1b7411701..6f35ea5c2 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -17,27 +17,21 @@ on:
 jobs:
   coverage:
     runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/anarthal/cpp-ci-containers/build-gcc14-lcov:1
-      volumes:
-        - /var/run/mysqld:/var/run/mysqld
-    services:
-      mysql:
-        image: ghcr.io/anarthal/cpp-ci-containers/mysql-8_4_1:1
-        ports:
-          - 3306:3306
-        volumes:
-          - /var/run/mysqld:/var/run/mysqld
     steps:
       - name: Fetch code
         uses: actions/checkout@v4
 
+      - name: Start containers
+        uses: hoverkraft-tech/compose-action@v2.5.0
+        with:
+          compose-file: ./tools/ci/docker-compose-coverage.yml
+
       - name: Build code
         run: |
-          python tools/ci/main.py \
-            --source-dir=$(pwd) \
+          docker exec builder python tools/ci/main.py \
+            --source-dir=/boost-mysql \
             b2 \
-            --server-host=mysql \
+            --server-host=localhost \
             --toolset=gcc \
             --cxxstd=20 \
             --variant=debug \
@@ -47,20 +41,19 @@ jobs:
       - name: Generate coverage reports
         shell: bash
         run: |
-          cd ~/boost-root/bin.v2
-          lcov \
+          docker exec builder lcov \
             --rc branch_coverage=0 \
             --rc geninfo_unexecuted_blocks=1 \
             --ignore-errors mismatch \
             --gcov-tool gcov-14 \
-            --directory . \
+            --directory ~/boost-root/bin.v2 \
             --capture \
             --output-file all.info
-          lcov \
+          docker exec builder lcov \
             --rc branch_coverage=0 \
             --output-file coverage.info \
             --extract all.info '*/boost/mysql*'
-          sed "s|^SF:$HOME/boost-root/|SF:include/|g" coverage.info > $GITHUB_WORKSPACE/coverage.info
+          docker exec builder sed "s|^SF:$HOME/boost-root/|SF:include/|g" coverage.info > /boost-mysql/coverage.info
 
       - name: Upload coverage reports
         uses: codecov/codecov-action@v4
diff --git a/tools/ci/docker-compose-coverage.yml b/tools/ci/docker-compose-coverage.yml
new file mode 100644
index 000000000..dac47316f
--- /dev/null
+++ b/tools/ci/docker-compose-coverage.yml
@@ -0,0 +1,27 @@
+services:
+  mysql:
+    image: mysql:8.4.1
+    network_mode: host
+    environment:
+      MYSQL_ALLOW_EMPTY_PASSWORD: "1"
+      MYSQL_ROOT_PASSWORD: ""
+    volumes:
+      - /opt/ci-tls-mysql:/tls
+      - /var/run/mysqld:/var/run/mysqld
+    command: >
+      /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \
+        /usr/local/bin/docker-entrypoint.sh mysqld \
+          --mysql-native-password=ON \
+          --ssl-ca=/tls/ca-cert.pem \
+          --ssl-cert=/tls/server-cert.pem \
+          --ssl-key=/tls/server-key.pem
+        '
+  builder:
+    container_name: builder
+    image: ghcr.io/anarthal/cpp-ci-containers/build-gcc14-lcov:1
+    network_mode: host
+    tty: true
+    volumes:
+      - ./:/boost-mysql
+      - /opt/ci-tls-mysql:/tls
+      - /var/run/mysqld:/var/run/mysqld

From 1d60422c79d76aeab992484c2d29e56e3734121e Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 19:42:40 +0200
Subject: [PATCH 05/46] drone prototype

---
 .drone.star | 219 +++++++++++++++++++++++++++++++---------------------
 1 file changed, 132 insertions(+), 87 deletions(-)

diff --git a/.drone.star b/.drone.star
index 087d37cbe..7b83d21d6 100644
--- a/.drone.star
+++ b/.drone.star
@@ -85,6 +85,8 @@ def _pipeline(
     disable_aslr=False
 ):
     steps = []
+
+    # Disable ASLR
     if disable_aslr:
         steps.append({
             "name": "Disable ASLR",
@@ -93,6 +95,51 @@ def _pipeline(
             "privileged": True,
             "commands": ["echo 0 | tee /proc/sys/kernel/randomize_va_space"]
         })
+    
+    # Generate certificates
+    if db != None:
+        steps.append({
+            "name": "Generate certificates",
+            "image": image,
+            "pull": "if-not-exists",
+            "commands": [
+                "python tools/ci/gen-certificates.py"
+            ]
+        })
+    
+    # Start the database
+    if db != None:
+        steps.append({
+            "name": "mysql",
+            "image": db.replace('-', ':'),
+            "pull": "if-not-exists",
+            "detached": True,
+            "environment": {
+                "MYSQL_ALLOW_EMPTY_PASSWORD": "1",
+                "MYSQL_ROOT_PASSWORD": ""
+            },
+            "entrypoint": [
+                "/bin/bash",
+                "-c",
+                r"chown -R mysql:mysql /var/run/mysqld && \
+                    /usr/local/bin/docker-entrypoint.sh mysqld \
+                    --ssl-ca=/tls/ca-cert.pem \
+                    --ssl-cert=/tls/server-cert.pem \
+                    --ssl-key=/tls/server-key.pem"
+            ],
+            "volumes": [
+                {
+                    "name": "mysql-socket",
+                    "path": "/var/run/mysqld"
+                },
+                {
+                    "name": "tls-certificates",
+                    "path": "/opt/ci-tls-mysql:/tls"
+                }
+            ]
+        })
+    
+    # Run the build
     steps.append({
         "name": "Build and run",
         "image": image,
@@ -119,18 +166,16 @@ def _pipeline(
         },
         "node": {},
         "steps": steps,
-        "services": [{
-            "name": "mysql",
-            "image": "ghcr.io/anarthal/cpp-ci-containers/{}".format(db),
-            "volumes": [{
+        "volumes": [
+            {
                 "name": "mysql-socket",
-                "path": "/var/run/mysqld"
-            }]
-        }] if db != None else [],
-        "volumes": [{
-            "name": "mysql-socket",
-            "temp": {}
-        }] if db != None else []
+                "temp": {}
+            },
+            {
+                "name": "tls-certificates",
+                "temp": {}
+            }
+        ] if db != None else []
     }
 
 
@@ -149,7 +194,7 @@ def linux_b2(
     valgrind=0,
     arch='amd64',
     fail_if_no_openssl=1,
-    db='mysql-8_4_1:1',
+    db='mysql-8.4.1',
 ):
     command = _b2_command(
         source_dir='$(pwd)',
@@ -201,7 +246,7 @@ def windows_b2(
 def linux_cmake(
     name,
     image,
-    db='mysql-8_4_1:1',
+    db='mysql-8.4.1',
     build_shared_libs=0,
     cmake_build_type='Debug',
     cxxstd='20',
@@ -270,7 +315,7 @@ def bench(name):
                 '--server-host=mysql ' + \
                 '--connection-pool-iters=1 ' + \
                 '--protocol-iters=1 '
-    return _pipeline(name=name, image=_image('build-bench:1'), os='linux', command=command, db='mysql-8_4_1:1')
+    return _pipeline(name=name, image=_image('build-bench:1'), os='linux', command=command, db='mysql-8.4.1')
 
 
 def docs(name):
@@ -285,79 +330,79 @@ def docs(name):
 
 def main(ctx):
     return [
-        # CMake Linux
-        linux_cmake('Linux CMake MySQL 5.x',      _image('build-gcc14:1'), db='mysql-5_7_41:1',   build_shared_libs=0),
-        linux_cmake('Linux CMake MariaDB',        _image('build-gcc14:1'), db='mariadb-11_4_2:1', build_shared_libs=1),
-        linux_cmake('Linux CMake cmake 3.8',      _image('build-cmake3_8:3'), cxxstd='11', install_test=0),
-        linux_cmake('Linux CMake gcc Release',    _image('build-gcc14:1'), cmake_build_type='Release'),
-        linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'),
-        linux_cmake_noopenssl('Linux CMake no OpenSSL'),
-        linux_cmake_nointeg('Linux CMake without integration tests'),
-
-        # CMake Windows
-        windows_cmake('Windows CMake static', build_shared_libs=0),
-        windows_cmake('Windows CMake shared', build_shared_libs=1),
-
-        # find_package with B2 distribution
-        find_package_b2_linux('Linux find_package b2 distribution'),
-        find_package_b2_windows('Windows find_package b2 distribution'),
-
-        # B2 Linux. Please try to keep this below 3 configurations per build so CI doesn't take forever
-        # Default Ubuntu compilers:
-        #   Ubuntu 16.04: gcc5,  clang 3.8
-        #   Ubuntu 18.04: gcc7,  clang 7
-        #   Ubuntu 20.04: gcc9,  clang 10
-        #   Ubuntu 22.04: gcc11, clang 14
-        #   Ubuntu 24.04: gcc13, clang 18
-        linux_b2('Linux B2 clang-4',              _image('build-clang4:1'),        toolset='clang-4',   cxxstd='14'),
-        linux_b2('Linux B2 clang-5-honly-dbg',    _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14', separate_compilation=0),
-        linux_b2('Linux B2 clang-6',              _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14'),
-        linux_b2('Linux B2 clang-7',              _image('build-clang7:2'),        toolset='clang-7',   cxxstd='14,17'),
-        linux_b2('Linux B2 clang-8',              _image('build-clang8:2'),        toolset='clang-8',   cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        linux_b2('Linux B2 clang-9',              _image('build-clang9:2'),        toolset='clang-9',   cxxstd='17', variant='release'),
-        linux_b2('Linux B2 clang-10',             _image('build-clang10:2'),       toolset='clang-10',  cxxstd='17,20', variant='debug'),
-        linux_b2('Linux B2 clang-11',             _image('build-clang11:2'),       toolset='clang-11',  cxxstd='20'),
-        linux_b2('Linux B2 clang-12',             _image('build-clang12:2'),       toolset='clang-12',  cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1),
-        linux_b2('Linux B2 clang-13',             _image('build-clang13:1'),       toolset='clang-13',  cxxstd='20', db='mysql-9_4_0:1'),
-        linux_b2('Linux B2 clang-14',             _image('build-clang14:1'),       toolset='clang-14',  cxxstd='20', variant='debug'),
-        linux_b2('Linux B2 clang-15',             _image('build-clang15:1'),       toolset='clang-15',  cxxstd='20', variant='debug'),
-        linux_b2('Linux B2 clang-16',             _image('build-clang16:1'),       toolset='clang-16',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        linux_b2('Linux B2 clang-17-honly-rls',   _image('build-clang17:1'),       toolset='clang-17',  cxxstd='20', variant='release', separate_compilation=0),
-        linux_b2('Linux B2 clang-18-honly-dbg',   _image('build-clang18:1'),       toolset='clang-18',  cxxstd='20', variant='debug', separate_compilation=0),
-        linux_b2('Linux B2 clang-19-libc++',      _image('build-clang19:1'),       toolset='clang-19',  cxxstd='23', stdlib='libc++'),
+        # # CMake Linux
+        # linux_cmake('Linux CMake MySQL 5.x',      _image('build-gcc14:1'), db='mysql-5_7_41:1',   build_shared_libs=0),
+        # linux_cmake('Linux CMake MariaDB',        _image('build-gcc14:1'), db='mariadb-11_4_2:1', build_shared_libs=1),
+        # linux_cmake('Linux CMake cmake 3.8',      _image('build-cmake3_8:3'), cxxstd='11', install_test=0),
+        # linux_cmake('Linux CMake gcc Release',    _image('build-gcc14:1'), cmake_build_type='Release'),
+        # linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'),
+        # linux_cmake_noopenssl('Linux CMake no OpenSSL'),
+        # linux_cmake_nointeg('Linux CMake without integration tests'),
+
+        # # CMake Windows
+        # windows_cmake('Windows CMake static', build_shared_libs=0),
+        # windows_cmake('Windows CMake shared', build_shared_libs=1),
+
+        # # find_package with B2 distribution
+        # find_package_b2_linux('Linux find_package b2 distribution'),
+        # find_package_b2_windows('Windows find_package b2 distribution'),
+
+        # # B2 Linux. Please try to keep this below 3 configurations per build so CI doesn't take forever
+        # # Default Ubuntu compilers:
+        # #   Ubuntu 16.04: gcc5,  clang 3.8
+        # #   Ubuntu 18.04: gcc7,  clang 7
+        # #   Ubuntu 20.04: gcc9,  clang 10
+        # #   Ubuntu 22.04: gcc11, clang 14
+        # #   Ubuntu 24.04: gcc13, clang 18
+        # linux_b2('Linux B2 clang-4',              _image('build-clang4:1'),        toolset='clang-4',   cxxstd='14'),
+        # linux_b2('Linux B2 clang-5-honly-dbg',    _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14', separate_compilation=0),
+        # linux_b2('Linux B2 clang-6',              _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14'),
+        # linux_b2('Linux B2 clang-7',              _image('build-clang7:2'),        toolset='clang-7',   cxxstd='14,17'),
+        # linux_b2('Linux B2 clang-8',              _image('build-clang8:2'),        toolset='clang-8',   cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        # linux_b2('Linux B2 clang-9',              _image('build-clang9:2'),        toolset='clang-9',   cxxstd='17', variant='release'),
+        # linux_b2('Linux B2 clang-10',             _image('build-clang10:2'),       toolset='clang-10',  cxxstd='17,20', variant='debug'),
+        # linux_b2('Linux B2 clang-11',             _image('build-clang11:2'),       toolset='clang-11',  cxxstd='20'),
+        # linux_b2('Linux B2 clang-12',             _image('build-clang12:2'),       toolset='clang-12',  cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1),
+        # linux_b2('Linux B2 clang-13',             _image('build-clang13:1'),       toolset='clang-13',  cxxstd='20', db='mysql-9_4_0:1'),
+        # linux_b2('Linux B2 clang-14',             _image('build-clang14:1'),       toolset='clang-14',  cxxstd='20', variant='debug'),
+        # linux_b2('Linux B2 clang-15',             _image('build-clang15:1'),       toolset='clang-15',  cxxstd='20', variant='debug'),
+        # linux_b2('Linux B2 clang-16',             _image('build-clang16:1'),       toolset='clang-16',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        # linux_b2('Linux B2 clang-17-honly-rls',   _image('build-clang17:1'),       toolset='clang-17',  cxxstd='20', variant='release', separate_compilation=0),
+        # linux_b2('Linux B2 clang-18-honly-dbg',   _image('build-clang18:1'),       toolset='clang-18',  cxxstd='20', variant='debug', separate_compilation=0),
+        # linux_b2('Linux B2 clang-19-libc++',      _image('build-clang19:1'),       toolset='clang-19',  cxxstd='23', stdlib='libc++'),
         linux_b2('Linux B2 clang-20',             _image('build-clang20:1'),       toolset='clang-20',  cxxstd='23'),
-        linux_b2('Linux B2 clang-sanit',          _image('build-clang20:1'),       toolset='clang-20',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        linux_b2('Linux B2 clang-i386-sanit',     _image('build-clang16-i386:1'),  toolset='clang-16',  cxxstd='20', variant='debug', address_model='32', address_sanitizer=1, undefined_sanitizer=1),
-
-        linux_b2('Linux B2 gcc-5',                _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11'), # gcc-5 C++14 doesn't like my constexpr field_view
-        linux_b2('Linux B2 gcc-5-ts-executor',    _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11', use_ts_executor=1),
-        linux_b2('Linux B2 gcc-6-honly-dbg',      _image('build-gcc6:1'),          toolset='gcc-6',     cxxstd='14', variant='debug', separate_compilation=0),
-        linux_b2('Linux B2 gcc-7',                _image('build-gcc7:1'),          toolset='gcc-7',     cxxstd='14,17', variant='debug'),
-        linux_b2('Linux B2 gcc-8',                _image('build-gcc8:1'),          toolset='gcc-8',     cxxstd='17'),
-        linux_b2('Linux B2 gcc-9',                _image('build-gcc9:1'),          toolset='gcc-9',     cxxstd='14,17', variant='debug'),
-        linux_b2('Linux B2 gcc-10',               _image('build-gcc10:1'),         toolset='gcc-10',    cxxstd='17'),
-        linux_b2('Linux B2 gcc-11',               _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20'),
-        linux_b2('Linux B2 gcc-12',               _image('build-gcc12:1'),         toolset='gcc-12',    cxxstd='20,23', variant='debug'),
-        linux_b2('Linux B2 gcc-13',               _image('build-gcc13:1'),         toolset='gcc-13',    cxxstd='20', db='mysql-9_4_0:1'),
-        linux_b2('Linux B2 gcc-14',               _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23'),
-        linux_b2('Linux B2 gcc-15',               _image('build-gcc15:1'),         toolset='gcc-15',    cxxstd='23'),
-        linux_b2('Linux B2 gcc-sanit',            _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        linux_b2('Linux B2 gcc-valgrind',         _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', valgrind=1),
-        linux_b2('Linux B2 gcc-11-arm64',         _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='release'),
-        linux_b2('Linux B2 gcc-11-arm64-sanit',   _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='debug'),
-        linux_b2('Linux B2 noopenssl',            _image('build-noopenssl:1'),     toolset='gcc',       cxxstd='11', fail_if_no_openssl=0),
-
-        # B2 Windows
-        windows_b2('Windows B2 msvc14.1 32-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='11,14,17', variant='release',       address_model='32'),
-        windows_b2('Windows B2 msvc14.1 64-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='14,17',    variant='release'),
-        windows_b2('Windows B2 msvc14.2',             _win_image('build-msvc14_2'), toolset='msvc-14.2', cxxstd='14,17',    variant='release'),
-        windows_b2('Windows B2 msvc14.3',             _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='17,20',    variant='debug,release'),
-        windows_b2('Windows B2 msvc14.3-ts-executor', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='20',       variant='release',       use_ts_executor=1),
-
-        # Benchmarks
-        bench('Benchmarks'),
-
-        # Docs
-        docs('Linux docs')
+        # linux_b2('Linux B2 clang-sanit',          _image('build-clang20:1'),       toolset='clang-20',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        # linux_b2('Linux B2 clang-i386-sanit',     _image('build-clang16-i386:1'),  toolset='clang-16',  cxxstd='20', variant='debug', address_model='32', address_sanitizer=1, undefined_sanitizer=1),
+
+        # linux_b2('Linux B2 gcc-5',                _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11'), # gcc-5 C++14 doesn't like my constexpr field_view
+        # linux_b2('Linux B2 gcc-5-ts-executor',    _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11', use_ts_executor=1),
+        # linux_b2('Linux B2 gcc-6-honly-dbg',      _image('build-gcc6:1'),          toolset='gcc-6',     cxxstd='14', variant='debug', separate_compilation=0),
+        # linux_b2('Linux B2 gcc-7',                _image('build-gcc7:1'),          toolset='gcc-7',     cxxstd='14,17', variant='debug'),
+        # linux_b2('Linux B2 gcc-8',                _image('build-gcc8:1'),          toolset='gcc-8',     cxxstd='17'),
+        # linux_b2('Linux B2 gcc-9',                _image('build-gcc9:1'),          toolset='gcc-9',     cxxstd='14,17', variant='debug'),
+        # linux_b2('Linux B2 gcc-10',               _image('build-gcc10:1'),         toolset='gcc-10',    cxxstd='17'),
+        # linux_b2('Linux B2 gcc-11',               _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20'),
+        # linux_b2('Linux B2 gcc-12',               _image('build-gcc12:1'),         toolset='gcc-12',    cxxstd='20,23', variant='debug'),
+        # linux_b2('Linux B2 gcc-13',               _image('build-gcc13:1'),         toolset='gcc-13',    cxxstd='20', db='mysql-9_4_0:1'),
+        # linux_b2('Linux B2 gcc-14',               _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23'),
+        # linux_b2('Linux B2 gcc-15',               _image('build-gcc15:1'),         toolset='gcc-15',    cxxstd='23'),
+        # linux_b2('Linux B2 gcc-sanit',            _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        # linux_b2('Linux B2 gcc-valgrind',         _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', valgrind=1),
+        # linux_b2('Linux B2 gcc-11-arm64',         _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='release'),
+        # linux_b2('Linux B2 gcc-11-arm64-sanit',   _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='debug'),
+        # linux_b2('Linux B2 noopenssl',            _image('build-noopenssl:1'),     toolset='gcc',       cxxstd='11', fail_if_no_openssl=0),
+
+        # # B2 Windows
+        # windows_b2('Windows B2 msvc14.1 32-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='11,14,17', variant='release',       address_model='32'),
+        # windows_b2('Windows B2 msvc14.1 64-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='14,17',    variant='release'),
+        # windows_b2('Windows B2 msvc14.2',             _win_image('build-msvc14_2'), toolset='msvc-14.2', cxxstd='14,17',    variant='release'),
+        # windows_b2('Windows B2 msvc14.3',             _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='17,20',    variant='debug,release'),
+        # windows_b2('Windows B2 msvc14.3-ts-executor', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='20',       variant='release',       use_ts_executor=1),
+
+        # # Benchmarks
+        # bench('Benchmarks'),
+
+        # # Docs
+        # docs('Linux docs')
     ]
 

From 5d477da1fcd222f2d66797fcd02a8f759c2c6b0d Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 19:50:27 +0200
Subject: [PATCH 06/46] Proper volume definitions

---
 .drone.star | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

diff --git a/.drone.star b/.drone.star
index 7b83d21d6..54a834057 100644
--- a/.drone.star
+++ b/.drone.star
@@ -86,6 +86,18 @@ def _pipeline(
 ):
     steps = []
 
+    # Volumes, common to all steps
+    volumes = [
+        {
+            "name": "mysql-socket",
+            "path": "/var/run/mysqld"
+        },
+        {
+            "name": "tls-certificates",
+            "path": "/tls"
+        }
+    ]
+
     # Disable ASLR
     if disable_aslr:
         steps.append({
@@ -102,8 +114,9 @@ def _pipeline(
             "name": "Generate certificates",
             "image": image,
             "pull": "if-not-exists",
+            "volumes": volumes,
             "commands": [
-                "python tools/ci/gen-certificates.py"
+                "python tools/ci/gen-certificates.py /tls"
             ]
         })
     
@@ -127,16 +140,7 @@ def _pipeline(
                     --ssl-cert=/tls/server-cert.pem \
                     --ssl-key=/tls/server-key.pem"
             ],
-            "volumes": [
-                {
-                    "name": "mysql-socket",
-                    "path": "/var/run/mysqld"
-                },
-                {
-                    "name": "tls-certificates",
-                    "path": "/opt/ci-tls-mysql:/tls"
-                }
-            ]
+            "volumes": volumes
         })
     
     # Run the build
@@ -145,10 +149,7 @@ def _pipeline(
         "image": image,
         "pull": "if-not-exists",
         "privileged": arch == "arm64", # TSAN tests fail otherwise (personality syscall)
-        "volumes":[{
-            "name": "mysql-socket",
-            "path": "/var/run/mysqld"
-        }] if db != None else [],
+        "volumes": volumes,
         "commands": [command]
     })
 
@@ -175,7 +176,7 @@ def _pipeline(
                 "name": "tls-certificates",
                 "temp": {}
             }
-        ] if db != None else []
+        ]
     }
 
 

From 0374bcf2d22a6647b22c72beb80860f4804b9f54 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 19:51:32 +0200
Subject: [PATCH 07/46] Fully qualify path

---
 .github/workflows/coverage.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 6f35ea5c2..70aea6a14 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -28,7 +28,7 @@ jobs:
 
       - name: Build code
         run: |
-          docker exec builder python tools/ci/main.py \
+          docker exec builder python /boost-mysql/tools/ci/main.py \
             --source-dir=/boost-mysql \
             b2 \
             --server-host=localhost \

From 75be3610e60970fdefe9b0d080c92115dd5b31b4 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 19:59:09 +0200
Subject: [PATCH 08/46] Debugging drone

---
 .drone.star | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/.drone.star b/.drone.star
index 54a834057..983e31c1c 100644
--- a/.drone.star
+++ b/.drone.star
@@ -134,11 +134,7 @@ def _pipeline(
             "entrypoint": [
                 "/bin/bash",
                 "-c",
-                r"chown -R mysql:mysql /var/run/mysqld && \
-                    /usr/local/bin/docker-entrypoint.sh mysqld \
-                    --ssl-ca=/tls/ca-cert.pem \
-                    --ssl-cert=/tls/server-cert.pem \
-                    --ssl-key=/tls/server-key.pem"
+                "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mysqld --ssl-ca=/tls/ca-cert.pem --ssl-cert=/tls/server-cert.pem --ssl-key=/tls/server-key.pem"
             ],
             "volumes": volumes
         })

From 83fb7512d892df9612fad28ed77a30f255052afc Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 20:01:01 +0200
Subject: [PATCH 09/46] Fix detach

---
 .drone.star | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.drone.star b/.drone.star
index 983e31c1c..2198db6d9 100644
--- a/.drone.star
+++ b/.drone.star
@@ -126,7 +126,7 @@ def _pipeline(
             "name": "mysql",
             "image": db.replace('-', ':'),
             "pull": "if-not-exists",
-            "detached": True,
+            "detach": True,
             "environment": {
                 "MYSQL_ALLOW_EMPTY_PASSWORD": "1",
                 "MYSQL_ROOT_PASSWORD": ""

From b1b46eb4fb09205eebd3363da0ef0276fb2ff472 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 20:07:01 +0200
Subject: [PATCH 10/46] Proper coverage volume dir

---
 tools/ci/docker-compose-coverage.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/ci/docker-compose-coverage.yml b/tools/ci/docker-compose-coverage.yml
index dac47316f..4b0df9185 100644
--- a/tools/ci/docker-compose-coverage.yml
+++ b/tools/ci/docker-compose-coverage.yml
@@ -22,6 +22,6 @@ services:
     network_mode: host
     tty: true
     volumes:
-      - ./:/boost-mysql
+      - ../../:/boost-mysql
       - /opt/ci-tls-mysql:/tls
       - /var/run/mysqld:/var/run/mysqld

From 735cbaadc8c0895328dcb0a4119ba4817a1a713c Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 20:12:33 +0200
Subject: [PATCH 11/46] enable mysql_native_password

---
 .drone.star | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.drone.star b/.drone.star
index 2198db6d9..ed6d80233 100644
--- a/.drone.star
+++ b/.drone.star
@@ -134,7 +134,11 @@ def _pipeline(
             "entrypoint": [
                 "/bin/bash",
                 "-c",
-                "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mysqld --ssl-ca=/tls/ca-cert.pem --ssl-cert=/tls/server-cert.pem --ssl-key=/tls/server-key.pem"
+                "chown -R mysql:mysql /var/run/mysqld /usr/local/bin/docker-entrypoint.sh mysqld " \
+                    "--ssl-ca=/tls/ca-cert.pem "\
+                    "--ssl-cert=/tls/server-cert.pem " \
+                    "--ssl-key=/tls/server-key.pem " \
+                    "--mysql-native-password=ON"
             ],
             "volumes": volumes
         })

From 9b2c9d2fecbee6da8128d7ce2a9df228dd96782d Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 20:22:11 +0200
Subject: [PATCH 12/46] Generic entry point

---
 .drone.star | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

diff --git a/.drone.star b/.drone.star
index ed6d80233..ac2b8348c 100644
--- a/.drone.star
+++ b/.drone.star
@@ -75,6 +75,27 @@ def _find_package_b2_command(source_dir, generator):
                 '--generator="{}" '.format(generator)
 
 
+def _make_entrypoint(db):
+    if db.startswith('mysql:'):
+        # MySQL generic. Sanitize UNIX socket permissions and launch the server with the adequate TLS files
+        res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mysqld " \
+                    "--ssl-ca=/tls/ca-cert.pem "\
+                    "--ssl-cert=/tls/server-cert.pem " \
+                    "--ssl-key=/tls/server-key.pem "
+        if db.startswith('mysql:8.'):
+            # v8.x needs this flag to enable mysql_native_password
+            res += "--mysql-native-password=ON"
+    else:
+        # MariaDB changed the default socket path, so we provide it explicitly
+        res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mariadbd " \
+                    "--ssl-ca=/tls/ca-cert.pem "\
+                    "--ssl-cert=/tls/server-cert.pem " \
+                    "--ssl-key=/tls/server-key.pem " \
+                    "--socket=/var/run/mysqld/mysqld.sock"
+
+    return res
+
+
 def _pipeline(
     name,
     image,
@@ -124,7 +145,7 @@ def _pipeline(
     if db != None:
         steps.append({
             "name": "mysql",
-            "image": db.replace('-', ':'),
+            "image": db,
             "pull": "if-not-exists",
             "detach": True,
             "environment": {
@@ -134,11 +155,7 @@ def _pipeline(
             "entrypoint": [
                 "/bin/bash",
                 "-c",
-                "chown -R mysql:mysql /var/run/mysqld /usr/local/bin/docker-entrypoint.sh mysqld " \
-                    "--ssl-ca=/tls/ca-cert.pem "\
-                    "--ssl-cert=/tls/server-cert.pem " \
-                    "--ssl-key=/tls/server-key.pem " \
-                    "--mysql-native-password=ON"
+                _make_entrypoint(db)
             ],
             "volumes": volumes
         })
@@ -195,7 +212,7 @@ def linux_b2(
     valgrind=0,
     arch='amd64',
     fail_if_no_openssl=1,
-    db='mysql-8.4.1',
+    db='mysql:8.4.1',
 ):
     command = _b2_command(
         source_dir='$(pwd)',
@@ -247,7 +264,7 @@ def windows_b2(
 def linux_cmake(
     name,
     image,
-    db='mysql-8.4.1',
+    db='mysql:8.4.1',
     build_shared_libs=0,
     cmake_build_type='Debug',
     cxxstd='20',
@@ -316,7 +333,7 @@ def bench(name):
                 '--server-host=mysql ' + \
                 '--connection-pool-iters=1 ' + \
                 '--protocol-iters=1 '
-    return _pipeline(name=name, image=_image('build-bench:1'), os='linux', command=command, db='mysql-8.4.1')
+    return _pipeline(name=name, image=_image('build-bench:1'), os='linux', command=command, db='mysql:8.4.1')
 
 
 def docs(name):

From 340d8a7cf5373a9a01ce4dec4923ef1ce5f56cc5 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 20:26:05 +0200
Subject: [PATCH 13/46] adjust OSX build

---
 tools/osx-ci.cnf      | 6 +++---
 tools/setup_db_osx.sh | 6 ++++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/tools/osx-ci.cnf b/tools/osx-ci.cnf
index 146021e23..11d9d493c 100644
--- a/tools/osx-ci.cnf
+++ b/tools/osx-ci.cnf
@@ -7,9 +7,9 @@
 
 [mysqld]
 socket=/var/run/mysqld/mysqld.sock
-ssl-ca=/etc/ssl/certs/mysql/ca-cert.pem
-ssl-cert=/etc/ssl/certs/mysql/server-cert.pem
-ssl-key=/etc/ssl/certs/mysql/server-key.pem
+ssl-ca=/tmp/mysql-tls/ca-cert.pem
+ssl-cert=/tmp/mysql-tls/server-cert.pem
+ssl-key=/tmp/mysql-tls/server-key.pem
 
 [client]
 socket=/var/run/mysqld/mysqld.sock
\ No newline at end of file
diff --git a/tools/setup_db_osx.sh b/tools/setup_db_osx.sh
index 6ec0b1436..3a5037820 100644
--- a/tools/setup_db_osx.sh
+++ b/tools/setup_db_osx.sh
@@ -13,10 +13,12 @@
 brew install mysql@8.0
 export PATH="/opt/homebrew/opt/mysql@8.0/bin:$PATH"
 
+# Generate the certificates
+mkdir -p /tmp/mysql-tls
+python tools/ci/generate-certificates.py /tmp/mysql-tls
+
 # Copy config files and set up paths
 cp tools/osx-ci.cnf ~/.my.cnf
-sudo mkdir -p /etc/ssl/certs/mysql/
-sudo cp tools/ssl/*.pem /etc/ssl/certs/mysql/
 sudo mkdir -p /var/run/mysqld/
 sudo chmod 777 /var/run/mysqld/
 

From 8ba6a71dea96b06a9855e772db2a2c98871ad90d Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 20:35:54 +0200
Subject: [PATCH 14/46] Fuzz job

---
 .github/workflows/fuzz.yml       | 38 +++++++++++++++-----------------
 tools/ci/docker-compose-fuzz.yml | 27 +++++++++++++++++++++++
 2 files changed, 45 insertions(+), 20 deletions(-)
 create mode 100644 tools/ci/docker-compose-fuzz.yml

diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index e9aa8ce95..1d6bf30c4 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -10,7 +10,7 @@ name: fuzz
 on:
   push:
     branches: [develop, master]
-    tags: ['*']
+    tags: ["*"]
   pull_request:
   workflow_dispatch:
   schedule:
@@ -19,35 +19,33 @@ on:
 jobs:
   fuzz:
     runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/anarthal/cpp-ci-containers/build-clang18:1
-      volumes:
-        - /var/run/mysqld:/var/run/mysqld
-    services:
-      mysql:
-        image: ghcr.io/anarthal/cpp-ci-containers/mysql-8_4_1:1
-        ports:
-          - 3306:3306
-        volumes:
-          - /var/run/mysqld:/var/run/mysqld
     steps:
       - name: Fetch code
         uses: actions/checkout@v4
 
+      - name: Start containers
+        uses: hoverkraft-tech/compose-action@v2.5.0
+        with:
+          compose-file: ./tools/ci/docker-compose-fuzz.yml
+
       - name: Restore corpus
         uses: actions/cache@v4
         with:
           path: /tmp/corpus.tar.gz
           key: corpus-${{ github.run_id }}
           restore-keys: corpus-
-        
+
       # Note: this will take care of using the corpus and updating it
       - name: Build and run the fuzzer
         run: |
-          python tools/ci/main.py \
-            --source-dir=$(pwd) \
-            fuzz \
-            --server-host=mysql
+          docker exec builder python /boost-mysql/tools/ci/main.py \
+            --source-dir=/boost-mysql \
+            fuzz
+
+      - name: Copy crashes from container
+        if: always()
+        run: |
+          docker exec builder bash -c 'cp /root/boost-root/crash-* /root/boost-root/leak-* /root/boost-root/timeout-* /boost-mysql/'
 
       - name: Archive any crashes as an artifact
         uses: actions/upload-artifact@v4
@@ -55,7 +53,7 @@ jobs:
         with:
           name: crashes
           path: |
-            ~/boost-root/crash-*
-            ~/boost-root/leak-*
-            ~/boost-root/timeout-*
+            crash-*
+            leak-*
+            timeout-*
           if-no-files-found: ignore
diff --git a/tools/ci/docker-compose-fuzz.yml b/tools/ci/docker-compose-fuzz.yml
new file mode 100644
index 000000000..9e5e1ae3a
--- /dev/null
+++ b/tools/ci/docker-compose-fuzz.yml
@@ -0,0 +1,27 @@
+services:
+  mysql:
+    image: mysql:8.4.1
+    network_mode: host
+    environment:
+      MYSQL_ALLOW_EMPTY_PASSWORD: "1"
+      MYSQL_ROOT_PASSWORD: ""
+    volumes:
+      - /opt/ci-tls-mysql:/tls
+      - /var/run/mysqld:/var/run/mysqld
+    command: >
+      /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \
+        /usr/local/bin/docker-entrypoint.sh mysqld \
+          --mysql-native-password=ON \
+          --ssl-ca=/tls/ca-cert.pem \
+          --ssl-cert=/tls/server-cert.pem \
+          --ssl-key=/tls/server-key.pem
+        '
+  builder:
+    container_name: builder
+    image: ghcr.io/anarthal/cpp-ci-containers/build-clang18:1
+    network_mode: host
+    tty: true
+    volumes:
+      - ../../:/boost-mysql
+      - /opt/ci-tls-mysql:/tls
+      - /var/run/mysqld:/var/run/mysqld

From 711946aeb0eec3e8c29e8acef1769b042552c0ca Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 20:36:30 +0200
Subject: [PATCH 15/46] Remove docker compose

---
 tools/scripts/docker-compose.yml | 54 --------------------------------
 1 file changed, 54 deletions(-)
 delete mode 100644 tools/scripts/docker-compose.yml

diff --git a/tools/scripts/docker-compose.yml b/tools/scripts/docker-compose.yml
deleted file mode 100644
index c83ebeb88..000000000
--- a/tools/scripts/docker-compose.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-services:
-  mysql-5.7.41:
-    container_name: mysql-5.7.41
-    image: mysql:5.7.41
-    network_mode: host
-    environment:
-      MYSQL_ALLOW_EMPTY_PASSWORD: "1"
-      MYSQL_ROOT_PASSWORD: ""
-    volumes:
-      - /opt/ci-tls-mysql:/tls
-      - /var/run/mysqld:/var/run/mysqld
-    command: >
-      /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \
-        /usr/local/bin/docker-entrypoint.sh mysqld \
-          --ssl-ca=/tls/ca-cert.pem \
-          --ssl-cert=/tls/server-cert.pem \
-          --ssl-key=/tls/server-key.pem
-        '
-
-  mysql-8.4.1:
-    container_name: mysql-8.4.1
-    image: mysql:8.4.1
-    network_mode: host
-    environment:
-      MYSQL_ALLOW_EMPTY_PASSWORD: "1"
-      MYSQL_ROOT_PASSWORD: ""
-    volumes:
-      - /opt/ci-tls-mysql:/tls
-      - /var/run/mysqld:/var/run/mysqld
-    command: >
-      /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \
-        /usr/local/bin/docker-entrypoint.sh mysqld \
-          --mysql-native-password=ON \
-          --ssl-ca=/tls/ca-cert.pem \
-          --ssl-cert=/tls/server-cert.pem \
-          --ssl-key=/tls/server-key.pem
-        '
-  mysql-9.4.0:
-    container_name: mysql-9.4.0
-    image: mysql:9.4.0
-    network_mode: host
-    environment:
-      MYSQL_ALLOW_EMPTY_PASSWORD: "1"
-      MYSQL_ROOT_PASSWORD: ""
-    volumes:
-      - /opt/ci-tls-mysql:/tls
-      - /var/run/mysqld:/var/run/mysqld
-    command: >
-      /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \
-        /usr/local/bin/docker-entrypoint.sh mysqld \
-          --ssl-ca=/tls/ca-cert.pem \
-          --ssl-cert=/tls/server-cert.pem \
-          --ssl-key=/tls/server-key.pem
-        '

From 77d4170e5353fca95f585760bbe0b042a67deaaf Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 20:38:12 +0200
Subject: [PATCH 16/46] Reduce compose duplication

---
 .github/workflows/coverage.yml                |  4 ++-
 .github/workflows/fuzz.yml                    |  4 ++-
 tools/ci/docker-compose-coverage.yml          | 27 -------------------
 ...er-compose-fuzz.yml => docker-compose.yml} |  2 +-
 4 files changed, 7 insertions(+), 30 deletions(-)
 delete mode 100644 tools/ci/docker-compose-coverage.yml
 rename tools/ci/{docker-compose-fuzz.yml => docker-compose.yml} (92%)

diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 70aea6a14..c4394922d 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -24,7 +24,9 @@ jobs:
       - name: Start containers
         uses: hoverkraft-tech/compose-action@v2.5.0
         with:
-          compose-file: ./tools/ci/docker-compose-coverage.yml
+          compose-file: ./tools/ci/docker-compose.yml
+        env:
+          BUILDER_IMAGE: ghcr.io/anarthal/cpp-ci-containers/build-gcc14-lcov:1
 
       - name: Build code
         run: |
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index 1d6bf30c4..d99c64f38 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -26,7 +26,9 @@ jobs:
       - name: Start containers
         uses: hoverkraft-tech/compose-action@v2.5.0
         with:
-          compose-file: ./tools/ci/docker-compose-fuzz.yml
+          compose-file: ./tools/ci/docker-compose.yml
+        env:
+          BUILDER_IMAGE: ghcr.io/anarthal/cpp-ci-containers/build-clang18:1
 
       - name: Restore corpus
         uses: actions/cache@v4
diff --git a/tools/ci/docker-compose-coverage.yml b/tools/ci/docker-compose-coverage.yml
deleted file mode 100644
index 4b0df9185..000000000
--- a/tools/ci/docker-compose-coverage.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-services:
-  mysql:
-    image: mysql:8.4.1
-    network_mode: host
-    environment:
-      MYSQL_ALLOW_EMPTY_PASSWORD: "1"
-      MYSQL_ROOT_PASSWORD: ""
-    volumes:
-      - /opt/ci-tls-mysql:/tls
-      - /var/run/mysqld:/var/run/mysqld
-    command: >
-      /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \
-        /usr/local/bin/docker-entrypoint.sh mysqld \
-          --mysql-native-password=ON \
-          --ssl-ca=/tls/ca-cert.pem \
-          --ssl-cert=/tls/server-cert.pem \
-          --ssl-key=/tls/server-key.pem
-        '
-  builder:
-    container_name: builder
-    image: ghcr.io/anarthal/cpp-ci-containers/build-gcc14-lcov:1
-    network_mode: host
-    tty: true
-    volumes:
-      - ../../:/boost-mysql
-      - /opt/ci-tls-mysql:/tls
-      - /var/run/mysqld:/var/run/mysqld
diff --git a/tools/ci/docker-compose-fuzz.yml b/tools/ci/docker-compose.yml
similarity index 92%
rename from tools/ci/docker-compose-fuzz.yml
rename to tools/ci/docker-compose.yml
index 9e5e1ae3a..be147b5e9 100644
--- a/tools/ci/docker-compose-fuzz.yml
+++ b/tools/ci/docker-compose.yml
@@ -18,7 +18,7 @@ services:
         '
   builder:
     container_name: builder
-    image: ghcr.io/anarthal/cpp-ci-containers/build-clang18:1
+    image: ${BUILDER_IMAGE}
     network_mode: host
     tty: true
     volumes:

From 3198101e580581abe481568e3235f7f208b37bb2 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 20:39:23 +0200
Subject: [PATCH 17/46] Fix multiline string literals

---
 .drone.star | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/.drone.star b/.drone.star
index ac2b8348c..772ede7d8 100644
--- a/.drone.star
+++ b/.drone.star
@@ -78,19 +78,19 @@ def _find_package_b2_command(source_dir, generator):
 def _make_entrypoint(db):
     if db.startswith('mysql:'):
         # MySQL generic. Sanitize UNIX socket permissions and launch the server with the adequate TLS files
-        res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mysqld " \
-                    "--ssl-ca=/tls/ca-cert.pem "\
-                    "--ssl-cert=/tls/server-cert.pem " \
+        res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mysqld " + \
+                    "--ssl-ca=/tls/ca-cert.pem " + \
+                    "--ssl-cert=/tls/server-cert.pem " + \
                     "--ssl-key=/tls/server-key.pem "
         if db.startswith('mysql:8.'):
             # v8.x needs this flag to enable mysql_native_password
             res += "--mysql-native-password=ON"
     else:
         # MariaDB changed the default socket path, so we provide it explicitly
-        res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mariadbd " \
-                    "--ssl-ca=/tls/ca-cert.pem "\
-                    "--ssl-cert=/tls/server-cert.pem " \
-                    "--ssl-key=/tls/server-key.pem " \
+        res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mariadbd " + \
+                    "--ssl-ca=/tls/ca-cert.pem " + \
+                    "--ssl-cert=/tls/server-cert.pem " + \
+                    "--ssl-key=/tls/server-key.pem " + \
                     "--socket=/var/run/mysqld/mysqld.sock"
 
     return res

From 4b188a504fcd50eb145b8dc346af1f0e886d9673 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 20:40:22 +0200
Subject: [PATCH 18/46] recover drone jobs

---
 .drone.star | 146 ++++++++++++++++++++++++++--------------------------
 1 file changed, 73 insertions(+), 73 deletions(-)

diff --git a/.drone.star b/.drone.star
index 772ede7d8..d0d243a7c 100644
--- a/.drone.star
+++ b/.drone.star
@@ -348,79 +348,79 @@ def docs(name):
 
 def main(ctx):
     return [
-        # # CMake Linux
-        # linux_cmake('Linux CMake MySQL 5.x',      _image('build-gcc14:1'), db='mysql-5_7_41:1',   build_shared_libs=0),
-        # linux_cmake('Linux CMake MariaDB',        _image('build-gcc14:1'), db='mariadb-11_4_2:1', build_shared_libs=1),
-        # linux_cmake('Linux CMake cmake 3.8',      _image('build-cmake3_8:3'), cxxstd='11', install_test=0),
-        # linux_cmake('Linux CMake gcc Release',    _image('build-gcc14:1'), cmake_build_type='Release'),
-        # linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'),
-        # linux_cmake_noopenssl('Linux CMake no OpenSSL'),
-        # linux_cmake_nointeg('Linux CMake without integration tests'),
-
-        # # CMake Windows
-        # windows_cmake('Windows CMake static', build_shared_libs=0),
-        # windows_cmake('Windows CMake shared', build_shared_libs=1),
-
-        # # find_package with B2 distribution
-        # find_package_b2_linux('Linux find_package b2 distribution'),
-        # find_package_b2_windows('Windows find_package b2 distribution'),
-
-        # # B2 Linux. Please try to keep this below 3 configurations per build so CI doesn't take forever
-        # # Default Ubuntu compilers:
-        # #   Ubuntu 16.04: gcc5,  clang 3.8
-        # #   Ubuntu 18.04: gcc7,  clang 7
-        # #   Ubuntu 20.04: gcc9,  clang 10
-        # #   Ubuntu 22.04: gcc11, clang 14
-        # #   Ubuntu 24.04: gcc13, clang 18
-        # linux_b2('Linux B2 clang-4',              _image('build-clang4:1'),        toolset='clang-4',   cxxstd='14'),
-        # linux_b2('Linux B2 clang-5-honly-dbg',    _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14', separate_compilation=0),
-        # linux_b2('Linux B2 clang-6',              _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14'),
-        # linux_b2('Linux B2 clang-7',              _image('build-clang7:2'),        toolset='clang-7',   cxxstd='14,17'),
-        # linux_b2('Linux B2 clang-8',              _image('build-clang8:2'),        toolset='clang-8',   cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        # linux_b2('Linux B2 clang-9',              _image('build-clang9:2'),        toolset='clang-9',   cxxstd='17', variant='release'),
-        # linux_b2('Linux B2 clang-10',             _image('build-clang10:2'),       toolset='clang-10',  cxxstd='17,20', variant='debug'),
-        # linux_b2('Linux B2 clang-11',             _image('build-clang11:2'),       toolset='clang-11',  cxxstd='20'),
-        # linux_b2('Linux B2 clang-12',             _image('build-clang12:2'),       toolset='clang-12',  cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1),
-        # linux_b2('Linux B2 clang-13',             _image('build-clang13:1'),       toolset='clang-13',  cxxstd='20', db='mysql-9_4_0:1'),
-        # linux_b2('Linux B2 clang-14',             _image('build-clang14:1'),       toolset='clang-14',  cxxstd='20', variant='debug'),
-        # linux_b2('Linux B2 clang-15',             _image('build-clang15:1'),       toolset='clang-15',  cxxstd='20', variant='debug'),
-        # linux_b2('Linux B2 clang-16',             _image('build-clang16:1'),       toolset='clang-16',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        # linux_b2('Linux B2 clang-17-honly-rls',   _image('build-clang17:1'),       toolset='clang-17',  cxxstd='20', variant='release', separate_compilation=0),
-        # linux_b2('Linux B2 clang-18-honly-dbg',   _image('build-clang18:1'),       toolset='clang-18',  cxxstd='20', variant='debug', separate_compilation=0),
-        # linux_b2('Linux B2 clang-19-libc++',      _image('build-clang19:1'),       toolset='clang-19',  cxxstd='23', stdlib='libc++'),
+        # CMake Linux
+        linux_cmake('Linux CMake MySQL 5.x',      _image('build-gcc14:1'), db='mysql-5_7_41:1',   build_shared_libs=0),
+        linux_cmake('Linux CMake MariaDB',        _image('build-gcc14:1'), db='mariadb-11_4_2:1', build_shared_libs=1),
+        linux_cmake('Linux CMake cmake 3.8',      _image('build-cmake3_8:3'), cxxstd='11', install_test=0),
+        linux_cmake('Linux CMake gcc Release',    _image('build-gcc14:1'), cmake_build_type='Release'),
+        linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'),
+        linux_cmake_noopenssl('Linux CMake no OpenSSL'),
+        linux_cmake_nointeg('Linux CMake without integration tests'),
+
+        # CMake Windows
+        windows_cmake('Windows CMake static', build_shared_libs=0),
+        windows_cmake('Windows CMake shared', build_shared_libs=1),
+
+        # find_package with B2 distribution
+        find_package_b2_linux('Linux find_package b2 distribution'),
+        find_package_b2_windows('Windows find_package b2 distribution'),
+
+        # B2 Linux. Please try to keep this below 3 configurations per build so CI doesn't take forever
+        # Default Ubuntu compilers:
+        #   Ubuntu 16.04: gcc5,  clang 3.8
+        #   Ubuntu 18.04: gcc7,  clang 7
+        #   Ubuntu 20.04: gcc9,  clang 10
+        #   Ubuntu 22.04: gcc11, clang 14
+        #   Ubuntu 24.04: gcc13, clang 18
+        linux_b2('Linux B2 clang-4',              _image('build-clang4:1'),        toolset='clang-4',   cxxstd='14'),
+        linux_b2('Linux B2 clang-5-honly-dbg',    _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14', separate_compilation=0),
+        linux_b2('Linux B2 clang-6',              _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14'),
+        linux_b2('Linux B2 clang-7',              _image('build-clang7:2'),        toolset='clang-7',   cxxstd='14,17'),
+        linux_b2('Linux B2 clang-8',              _image('build-clang8:2'),        toolset='clang-8',   cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        linux_b2('Linux B2 clang-9',              _image('build-clang9:2'),        toolset='clang-9',   cxxstd='17', variant='release'),
+        linux_b2('Linux B2 clang-10',             _image('build-clang10:2'),       toolset='clang-10',  cxxstd='17,20', variant='debug'),
+        linux_b2('Linux B2 clang-11',             _image('build-clang11:2'),       toolset='clang-11',  cxxstd='20'),
+        linux_b2('Linux B2 clang-12',             _image('build-clang12:2'),       toolset='clang-12',  cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1),
+        linux_b2('Linux B2 clang-13',             _image('build-clang13:1'),       toolset='clang-13',  cxxstd='20', db='mysql-9_4_0:1'),
+        linux_b2('Linux B2 clang-14',             _image('build-clang14:1'),       toolset='clang-14',  cxxstd='20', variant='debug'),
+        linux_b2('Linux B2 clang-15',             _image('build-clang15:1'),       toolset='clang-15',  cxxstd='20', variant='debug'),
+        linux_b2('Linux B2 clang-16',             _image('build-clang16:1'),       toolset='clang-16',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        linux_b2('Linux B2 clang-17-honly-rls',   _image('build-clang17:1'),       toolset='clang-17',  cxxstd='20', variant='release', separate_compilation=0),
+        linux_b2('Linux B2 clang-18-honly-dbg',   _image('build-clang18:1'),       toolset='clang-18',  cxxstd='20', variant='debug', separate_compilation=0),
+        linux_b2('Linux B2 clang-19-libc++',      _image('build-clang19:1'),       toolset='clang-19',  cxxstd='23', stdlib='libc++'),
         linux_b2('Linux B2 clang-20',             _image('build-clang20:1'),       toolset='clang-20',  cxxstd='23'),
-        # linux_b2('Linux B2 clang-sanit',          _image('build-clang20:1'),       toolset='clang-20',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        # linux_b2('Linux B2 clang-i386-sanit',     _image('build-clang16-i386:1'),  toolset='clang-16',  cxxstd='20', variant='debug', address_model='32', address_sanitizer=1, undefined_sanitizer=1),
-
-        # linux_b2('Linux B2 gcc-5',                _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11'), # gcc-5 C++14 doesn't like my constexpr field_view
-        # linux_b2('Linux B2 gcc-5-ts-executor',    _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11', use_ts_executor=1),
-        # linux_b2('Linux B2 gcc-6-honly-dbg',      _image('build-gcc6:1'),          toolset='gcc-6',     cxxstd='14', variant='debug', separate_compilation=0),
-        # linux_b2('Linux B2 gcc-7',                _image('build-gcc7:1'),          toolset='gcc-7',     cxxstd='14,17', variant='debug'),
-        # linux_b2('Linux B2 gcc-8',                _image('build-gcc8:1'),          toolset='gcc-8',     cxxstd='17'),
-        # linux_b2('Linux B2 gcc-9',                _image('build-gcc9:1'),          toolset='gcc-9',     cxxstd='14,17', variant='debug'),
-        # linux_b2('Linux B2 gcc-10',               _image('build-gcc10:1'),         toolset='gcc-10',    cxxstd='17'),
-        # linux_b2('Linux B2 gcc-11',               _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20'),
-        # linux_b2('Linux B2 gcc-12',               _image('build-gcc12:1'),         toolset='gcc-12',    cxxstd='20,23', variant='debug'),
-        # linux_b2('Linux B2 gcc-13',               _image('build-gcc13:1'),         toolset='gcc-13',    cxxstd='20', db='mysql-9_4_0:1'),
-        # linux_b2('Linux B2 gcc-14',               _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23'),
-        # linux_b2('Linux B2 gcc-15',               _image('build-gcc15:1'),         toolset='gcc-15',    cxxstd='23'),
-        # linux_b2('Linux B2 gcc-sanit',            _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        # linux_b2('Linux B2 gcc-valgrind',         _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', valgrind=1),
-        # linux_b2('Linux B2 gcc-11-arm64',         _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='release'),
-        # linux_b2('Linux B2 gcc-11-arm64-sanit',   _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='debug'),
-        # linux_b2('Linux B2 noopenssl',            _image('build-noopenssl:1'),     toolset='gcc',       cxxstd='11', fail_if_no_openssl=0),
-
-        # # B2 Windows
-        # windows_b2('Windows B2 msvc14.1 32-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='11,14,17', variant='release',       address_model='32'),
-        # windows_b2('Windows B2 msvc14.1 64-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='14,17',    variant='release'),
-        # windows_b2('Windows B2 msvc14.2',             _win_image('build-msvc14_2'), toolset='msvc-14.2', cxxstd='14,17',    variant='release'),
-        # windows_b2('Windows B2 msvc14.3',             _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='17,20',    variant='debug,release'),
-        # windows_b2('Windows B2 msvc14.3-ts-executor', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='20',       variant='release',       use_ts_executor=1),
-
-        # # Benchmarks
-        # bench('Benchmarks'),
-
-        # # Docs
-        # docs('Linux docs')
+        linux_b2('Linux B2 clang-sanit',          _image('build-clang20:1'),       toolset='clang-20',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        linux_b2('Linux B2 clang-i386-sanit',     _image('build-clang16-i386:1'),  toolset='clang-16',  cxxstd='20', variant='debug', address_model='32', address_sanitizer=1, undefined_sanitizer=1),
+
+        linux_b2('Linux B2 gcc-5',                _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11'), # gcc-5 C++14 doesn't like my constexpr field_view
+        linux_b2('Linux B2 gcc-5-ts-executor',    _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11', use_ts_executor=1),
+        linux_b2('Linux B2 gcc-6-honly-dbg',      _image('build-gcc6:1'),          toolset='gcc-6',     cxxstd='14', variant='debug', separate_compilation=0),
+        linux_b2('Linux B2 gcc-7',                _image('build-gcc7:1'),          toolset='gcc-7',     cxxstd='14,17', variant='debug'),
+        linux_b2('Linux B2 gcc-8',                _image('build-gcc8:1'),          toolset='gcc-8',     cxxstd='17'),
+        linux_b2('Linux B2 gcc-9',                _image('build-gcc9:1'),          toolset='gcc-9',     cxxstd='14,17', variant='debug'),
+        linux_b2('Linux B2 gcc-10',               _image('build-gcc10:1'),         toolset='gcc-10',    cxxstd='17'),
+        linux_b2('Linux B2 gcc-11',               _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20'),
+        linux_b2('Linux B2 gcc-12',               _image('build-gcc12:1'),         toolset='gcc-12',    cxxstd='20,23', variant='debug'),
+        linux_b2('Linux B2 gcc-13',               _image('build-gcc13:1'),         toolset='gcc-13',    cxxstd='20', db='mysql-9_4_0:1'),
+        linux_b2('Linux B2 gcc-14',               _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23'),
+        linux_b2('Linux B2 gcc-15',               _image('build-gcc15:1'),         toolset='gcc-15',    cxxstd='23'),
+        linux_b2('Linux B2 gcc-sanit',            _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        linux_b2('Linux B2 gcc-valgrind',         _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', valgrind=1),
+        linux_b2('Linux B2 gcc-11-arm64',         _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='release'),
+        linux_b2('Linux B2 gcc-11-arm64-sanit',   _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='debug'),
+        linux_b2('Linux B2 noopenssl',            _image('build-noopenssl:1'),     toolset='gcc',       cxxstd='11', fail_if_no_openssl=0),
+
+        # B2 Windows
+        windows_b2('Windows B2 msvc14.1 32-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='11,14,17', variant='release',       address_model='32'),
+        windows_b2('Windows B2 msvc14.1 64-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='14,17',    variant='release'),
+        windows_b2('Windows B2 msvc14.2',             _win_image('build-msvc14_2'), toolset='msvc-14.2', cxxstd='14,17',    variant='release'),
+        windows_b2('Windows B2 msvc14.3',             _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='17,20',    variant='debug,release'),
+        windows_b2('Windows B2 msvc14.3-ts-executor', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='20',       variant='release',       use_ts_executor=1),
+
+        # Benchmarks
+        bench('Benchmarks'),
+
+        # Docs
+        docs('Linux docs')
     ]
 

From 0f4f1c7a847a076d4e138e9fba852e6b8c0f5677 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 29 Mar 2026 20:41:54 +0200
Subject: [PATCH 19/46] Fix DB versions

---
 .drone.star | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.drone.star b/.drone.star
index d0d243a7c..54bfada89 100644
--- a/.drone.star
+++ b/.drone.star
@@ -349,8 +349,8 @@ def docs(name):
 def main(ctx):
     return [
         # CMake Linux
-        linux_cmake('Linux CMake MySQL 5.x',      _image('build-gcc14:1'), db='mysql-5_7_41:1',   build_shared_libs=0),
-        linux_cmake('Linux CMake MariaDB',        _image('build-gcc14:1'), db='mariadb-11_4_2:1', build_shared_libs=1),
+        linux_cmake('Linux CMake MySQL 5.x',      _image('build-gcc14:1'), db='mysql:5.7.41',   build_shared_libs=0),
+        linux_cmake('Linux CMake MariaDB',        _image('build-gcc14:1'), db='mariadb:11.4.2', build_shared_libs=1),
         linux_cmake('Linux CMake cmake 3.8',      _image('build-cmake3_8:3'), cxxstd='11', install_test=0),
         linux_cmake('Linux CMake gcc Release',    _image('build-gcc14:1'), cmake_build_type='Release'),
         linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'),
@@ -381,7 +381,7 @@ def main(ctx):
         linux_b2('Linux B2 clang-10',             _image('build-clang10:2'),       toolset='clang-10',  cxxstd='17,20', variant='debug'),
         linux_b2('Linux B2 clang-11',             _image('build-clang11:2'),       toolset='clang-11',  cxxstd='20'),
         linux_b2('Linux B2 clang-12',             _image('build-clang12:2'),       toolset='clang-12',  cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1),
-        linux_b2('Linux B2 clang-13',             _image('build-clang13:1'),       toolset='clang-13',  cxxstd='20', db='mysql-9_4_0:1'),
+        linux_b2('Linux B2 clang-13',             _image('build-clang13:1'),       toolset='clang-13',  cxxstd='20', db='mysql:9.4.0'),
         linux_b2('Linux B2 clang-14',             _image('build-clang14:1'),       toolset='clang-14',  cxxstd='20', variant='debug'),
         linux_b2('Linux B2 clang-15',             _image('build-clang15:1'),       toolset='clang-15',  cxxstd='20', variant='debug'),
         linux_b2('Linux B2 clang-16',             _image('build-clang16:1'),       toolset='clang-16',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
@@ -401,7 +401,7 @@ def main(ctx):
         linux_b2('Linux B2 gcc-10',               _image('build-gcc10:1'),         toolset='gcc-10',    cxxstd='17'),
         linux_b2('Linux B2 gcc-11',               _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20'),
         linux_b2('Linux B2 gcc-12',               _image('build-gcc12:1'),         toolset='gcc-12',    cxxstd='20,23', variant='debug'),
-        linux_b2('Linux B2 gcc-13',               _image('build-gcc13:1'),         toolset='gcc-13',    cxxstd='20', db='mysql-9_4_0:1'),
+        linux_b2('Linux B2 gcc-13',               _image('build-gcc13:1'),         toolset='gcc-13',    cxxstd='20', db='mysql:9.4.0'),
         linux_b2('Linux B2 gcc-14',               _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23'),
         linux_b2('Linux B2 gcc-15',               _image('build-gcc15:1'),         toolset='gcc-15',    cxxstd='23'),
         linux_b2('Linux B2 gcc-sanit',            _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1),

From 85b3c5a2625d84e53e6678645f0d13ca85367ae7 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Tue, 31 Mar 2026 13:48:44 +0200
Subject: [PATCH 20/46] Attempt to fix cert problems in drone

---
 .drone.star | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/.drone.star b/.drone.star
index 54bfada89..e96fa18f1 100644
--- a/.drone.star
+++ b/.drone.star
@@ -117,7 +117,7 @@ def _pipeline(
             "name": "tls-certificates",
             "path": "/tls"
         }
-    ]
+    ] if db != None else []
 
     # Disable ASLR
     if disable_aslr:
@@ -130,14 +130,17 @@ def _pipeline(
         })
     
     # Generate certificates
-    if db != None:
+    gen_certificates = db != None or os == "windows"
+    cert_path = "C:\\ssl\\" if os == "windows" else "/tls/"
+    ca_path = cert_path + "ca-cert.pem"
+    if gen_certificates:
         steps.append({
             "name": "Generate certificates",
             "image": image,
             "pull": "if-not-exists",
             "volumes": volumes,
             "commands": [
-                "python tools/ci/gen-certificates.py /tls"
+                "python tools/ci/gen-certificates.py {}".format(cert_path)
             ]
         })
     
@@ -159,6 +162,15 @@ def _pipeline(
             ],
             "volumes": volumes
         })
+    elif os == "windows":
+        steps.append({
+            "name": "Restart MySQL",
+            "commands": [
+                "net stop MySQL",
+                "net start MySQL"
+            ]
+        })
+
     
     # Run the build
     steps.append({
@@ -167,6 +179,9 @@ def _pipeline(
         "pull": "if-not-exists",
         "privileged": arch == "arm64", # TSAN tests fail otherwise (personality syscall)
         "volumes": volumes,
+        "environment": {
+            "BOOST_MYSQL_CA_CERTIFICATE": ca_path
+        },
         "commands": [command]
     })
 

From d1dd559a14cb36d8d036efc6655e5f4ec7c2c223 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Tue, 31 Mar 2026 13:50:58 +0200
Subject: [PATCH 21/46] fix osx typo

---
 tools/setup_db_osx.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/setup_db_osx.sh b/tools/setup_db_osx.sh
index 3a5037820..9d1800987 100644
--- a/tools/setup_db_osx.sh
+++ b/tools/setup_db_osx.sh
@@ -15,7 +15,7 @@ export PATH="/opt/homebrew/opt/mysql@8.0/bin:$PATH"
 
 # Generate the certificates
 mkdir -p /tmp/mysql-tls
-python tools/ci/generate-certificates.py /tmp/mysql-tls
+python tools/ci/gen-certificates.py /tmp/mysql-tls
 
 # Copy config files and set up paths
 cp tools/osx-ci.cnf ~/.my.cnf

From 5a0bb505320c7b9a9aca5db12ab9ae72a0fa0163 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Tue, 31 Mar 2026 13:58:31 +0200
Subject: [PATCH 22/46] Fix fuzz

---
 .github/workflows/fuzz.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index d99c64f38..6e2dfba86 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -47,7 +47,7 @@ jobs:
       - name: Copy crashes from container
         if: always()
         run: |
-          docker exec builder bash -c 'cp /root/boost-root/crash-* /root/boost-root/leak-* /root/boost-root/timeout-* /boost-mysql/'
+          docker exec builder bash -c 'cp /root/boost-root/crash-* /root/boost-root/leak-* /root/boost-root/timeout-* /boost-mysql/ || true'
 
       - name: Archive any crashes as an artifact
         uses: actions/upload-artifact@v4

From 88d48cc5b0347ce34caced905d85ed2c67496630 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Tue, 19 May 2026 20:15:04 +0200
Subject: [PATCH 23/46] Make debugging easier

---
 .drone.star | 138 ++++++++++++++++++++++++++--------------------------
 1 file changed, 69 insertions(+), 69 deletions(-)

diff --git a/.drone.star b/.drone.star
index e96fa18f1..76275fc15 100644
--- a/.drone.star
+++ b/.drone.star
@@ -363,79 +363,79 @@ def docs(name):
 
 def main(ctx):
     return [
-        # CMake Linux
-        linux_cmake('Linux CMake MySQL 5.x',      _image('build-gcc14:1'), db='mysql:5.7.41',   build_shared_libs=0),
-        linux_cmake('Linux CMake MariaDB',        _image('build-gcc14:1'), db='mariadb:11.4.2', build_shared_libs=1),
-        linux_cmake('Linux CMake cmake 3.8',      _image('build-cmake3_8:3'), cxxstd='11', install_test=0),
-        linux_cmake('Linux CMake gcc Release',    _image('build-gcc14:1'), cmake_build_type='Release'),
-        linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'),
-        linux_cmake_noopenssl('Linux CMake no OpenSSL'),
-        linux_cmake_nointeg('Linux CMake without integration tests'),
-
-        # CMake Windows
-        windows_cmake('Windows CMake static', build_shared_libs=0),
-        windows_cmake('Windows CMake shared', build_shared_libs=1),
-
-        # find_package with B2 distribution
-        find_package_b2_linux('Linux find_package b2 distribution'),
-        find_package_b2_windows('Windows find_package b2 distribution'),
-
-        # B2 Linux. Please try to keep this below 3 configurations per build so CI doesn't take forever
-        # Default Ubuntu compilers:
-        #   Ubuntu 16.04: gcc5,  clang 3.8
-        #   Ubuntu 18.04: gcc7,  clang 7
-        #   Ubuntu 20.04: gcc9,  clang 10
-        #   Ubuntu 22.04: gcc11, clang 14
-        #   Ubuntu 24.04: gcc13, clang 18
-        linux_b2('Linux B2 clang-4',              _image('build-clang4:1'),        toolset='clang-4',   cxxstd='14'),
-        linux_b2('Linux B2 clang-5-honly-dbg',    _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14', separate_compilation=0),
-        linux_b2('Linux B2 clang-6',              _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14'),
-        linux_b2('Linux B2 clang-7',              _image('build-clang7:2'),        toolset='clang-7',   cxxstd='14,17'),
-        linux_b2('Linux B2 clang-8',              _image('build-clang8:2'),        toolset='clang-8',   cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        linux_b2('Linux B2 clang-9',              _image('build-clang9:2'),        toolset='clang-9',   cxxstd='17', variant='release'),
-        linux_b2('Linux B2 clang-10',             _image('build-clang10:2'),       toolset='clang-10',  cxxstd='17,20', variant='debug'),
-        linux_b2('Linux B2 clang-11',             _image('build-clang11:2'),       toolset='clang-11',  cxxstd='20'),
-        linux_b2('Linux B2 clang-12',             _image('build-clang12:2'),       toolset='clang-12',  cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1),
-        linux_b2('Linux B2 clang-13',             _image('build-clang13:1'),       toolset='clang-13',  cxxstd='20', db='mysql:9.4.0'),
-        linux_b2('Linux B2 clang-14',             _image('build-clang14:1'),       toolset='clang-14',  cxxstd='20', variant='debug'),
-        linux_b2('Linux B2 clang-15',             _image('build-clang15:1'),       toolset='clang-15',  cxxstd='20', variant='debug'),
-        linux_b2('Linux B2 clang-16',             _image('build-clang16:1'),       toolset='clang-16',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        linux_b2('Linux B2 clang-17-honly-rls',   _image('build-clang17:1'),       toolset='clang-17',  cxxstd='20', variant='release', separate_compilation=0),
-        linux_b2('Linux B2 clang-18-honly-dbg',   _image('build-clang18:1'),       toolset='clang-18',  cxxstd='20', variant='debug', separate_compilation=0),
-        linux_b2('Linux B2 clang-19-libc++',      _image('build-clang19:1'),       toolset='clang-19',  cxxstd='23', stdlib='libc++'),
-        linux_b2('Linux B2 clang-20',             _image('build-clang20:1'),       toolset='clang-20',  cxxstd='23'),
-        linux_b2('Linux B2 clang-sanit',          _image('build-clang20:1'),       toolset='clang-20',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        linux_b2('Linux B2 clang-i386-sanit',     _image('build-clang16-i386:1'),  toolset='clang-16',  cxxstd='20', variant='debug', address_model='32', address_sanitizer=1, undefined_sanitizer=1),
-
-        linux_b2('Linux B2 gcc-5',                _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11'), # gcc-5 C++14 doesn't like my constexpr field_view
-        linux_b2('Linux B2 gcc-5-ts-executor',    _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11', use_ts_executor=1),
-        linux_b2('Linux B2 gcc-6-honly-dbg',      _image('build-gcc6:1'),          toolset='gcc-6',     cxxstd='14', variant='debug', separate_compilation=0),
-        linux_b2('Linux B2 gcc-7',                _image('build-gcc7:1'),          toolset='gcc-7',     cxxstd='14,17', variant='debug'),
-        linux_b2('Linux B2 gcc-8',                _image('build-gcc8:1'),          toolset='gcc-8',     cxxstd='17'),
-        linux_b2('Linux B2 gcc-9',                _image('build-gcc9:1'),          toolset='gcc-9',     cxxstd='14,17', variant='debug'),
-        linux_b2('Linux B2 gcc-10',               _image('build-gcc10:1'),         toolset='gcc-10',    cxxstd='17'),
-        linux_b2('Linux B2 gcc-11',               _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20'),
-        linux_b2('Linux B2 gcc-12',               _image('build-gcc12:1'),         toolset='gcc-12',    cxxstd='20,23', variant='debug'),
-        linux_b2('Linux B2 gcc-13',               _image('build-gcc13:1'),         toolset='gcc-13',    cxxstd='20', db='mysql:9.4.0'),
-        linux_b2('Linux B2 gcc-14',               _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23'),
-        linux_b2('Linux B2 gcc-15',               _image('build-gcc15:1'),         toolset='gcc-15',    cxxstd='23'),
-        linux_b2('Linux B2 gcc-sanit',            _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        linux_b2('Linux B2 gcc-valgrind',         _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', valgrind=1),
-        linux_b2('Linux B2 gcc-11-arm64',         _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='release'),
-        linux_b2('Linux B2 gcc-11-arm64-sanit',   _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='debug'),
-        linux_b2('Linux B2 noopenssl',            _image('build-noopenssl:1'),     toolset='gcc',       cxxstd='11', fail_if_no_openssl=0),
+        # # CMake Linux
+        # linux_cmake('Linux CMake MySQL 5.x',      _image('build-gcc14:1'), db='mysql:5.7.41',   build_shared_libs=0),
+        # linux_cmake('Linux CMake MariaDB',        _image('build-gcc14:1'), db='mariadb:11.4.2', build_shared_libs=1),
+        # linux_cmake('Linux CMake cmake 3.8',      _image('build-cmake3_8:3'), cxxstd='11', install_test=0),
+        # linux_cmake('Linux CMake gcc Release',    _image('build-gcc14:1'), cmake_build_type='Release'),
+        # linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'),
+        # linux_cmake_noopenssl('Linux CMake no OpenSSL'),
+        # linux_cmake_nointeg('Linux CMake without integration tests'),
+
+        # # CMake Windows
+        # windows_cmake('Windows CMake static', build_shared_libs=0),
+        # windows_cmake('Windows CMake shared', build_shared_libs=1),
+
+        # # find_package with B2 distribution
+        # find_package_b2_linux('Linux find_package b2 distribution'),
+        # find_package_b2_windows('Windows find_package b2 distribution'),
+
+        # # B2 Linux. Please try to keep this below 3 configurations per build so CI doesn't take forever
+        # # Default Ubuntu compilers:
+        # #   Ubuntu 16.04: gcc5,  clang 3.8
+        # #   Ubuntu 18.04: gcc7,  clang 7
+        # #   Ubuntu 20.04: gcc9,  clang 10
+        # #   Ubuntu 22.04: gcc11, clang 14
+        # #   Ubuntu 24.04: gcc13, clang 18
+        # linux_b2('Linux B2 clang-4',              _image('build-clang4:1'),        toolset='clang-4',   cxxstd='14'),
+        # linux_b2('Linux B2 clang-5-honly-dbg',    _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14', separate_compilation=0),
+        # linux_b2('Linux B2 clang-6',              _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14'),
+        # linux_b2('Linux B2 clang-7',              _image('build-clang7:2'),        toolset='clang-7',   cxxstd='14,17'),
+        # linux_b2('Linux B2 clang-8',              _image('build-clang8:2'),        toolset='clang-8',   cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        # linux_b2('Linux B2 clang-9',              _image('build-clang9:2'),        toolset='clang-9',   cxxstd='17', variant='release'),
+        # linux_b2('Linux B2 clang-10',             _image('build-clang10:2'),       toolset='clang-10',  cxxstd='17,20', variant='debug'),
+        # linux_b2('Linux B2 clang-11',             _image('build-clang11:2'),       toolset='clang-11',  cxxstd='20'),
+        # linux_b2('Linux B2 clang-12',             _image('build-clang12:2'),       toolset='clang-12',  cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1),
+        # linux_b2('Linux B2 clang-13',             _image('build-clang13:1'),       toolset='clang-13',  cxxstd='20', db='mysql:9.4.0'),
+        # linux_b2('Linux B2 clang-14',             _image('build-clang14:1'),       toolset='clang-14',  cxxstd='20', variant='debug'),
+        # linux_b2('Linux B2 clang-15',             _image('build-clang15:1'),       toolset='clang-15',  cxxstd='20', variant='debug'),
+        # linux_b2('Linux B2 clang-16',             _image('build-clang16:1'),       toolset='clang-16',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        # linux_b2('Linux B2 clang-17-honly-rls',   _image('build-clang17:1'),       toolset='clang-17',  cxxstd='20', variant='release', separate_compilation=0),
+        # linux_b2('Linux B2 clang-18-honly-dbg',   _image('build-clang18:1'),       toolset='clang-18',  cxxstd='20', variant='debug', separate_compilation=0),
+        # linux_b2('Linux B2 clang-19-libc++',      _image('build-clang19:1'),       toolset='clang-19',  cxxstd='23', stdlib='libc++'),
+        # linux_b2('Linux B2 clang-20',             _image('build-clang20:1'),       toolset='clang-20',  cxxstd='23'),
+        # linux_b2('Linux B2 clang-sanit',          _image('build-clang20:1'),       toolset='clang-20',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        # linux_b2('Linux B2 clang-i386-sanit',     _image('build-clang16-i386:1'),  toolset='clang-16',  cxxstd='20', variant='debug', address_model='32', address_sanitizer=1, undefined_sanitizer=1),
+
+        # linux_b2('Linux B2 gcc-5',                _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11'), # gcc-5 C++14 doesn't like my constexpr field_view
+        # linux_b2('Linux B2 gcc-5-ts-executor',    _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11', use_ts_executor=1),
+        # linux_b2('Linux B2 gcc-6-honly-dbg',      _image('build-gcc6:1'),          toolset='gcc-6',     cxxstd='14', variant='debug', separate_compilation=0),
+        # linux_b2('Linux B2 gcc-7',                _image('build-gcc7:1'),          toolset='gcc-7',     cxxstd='14,17', variant='debug'),
+        # linux_b2('Linux B2 gcc-8',                _image('build-gcc8:1'),          toolset='gcc-8',     cxxstd='17'),
+        # linux_b2('Linux B2 gcc-9',                _image('build-gcc9:1'),          toolset='gcc-9',     cxxstd='14,17', variant='debug'),
+        # linux_b2('Linux B2 gcc-10',               _image('build-gcc10:1'),         toolset='gcc-10',    cxxstd='17'),
+        # linux_b2('Linux B2 gcc-11',               _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20'),
+        # linux_b2('Linux B2 gcc-12',               _image('build-gcc12:1'),         toolset='gcc-12',    cxxstd='20,23', variant='debug'),
+        # linux_b2('Linux B2 gcc-13',               _image('build-gcc13:1'),         toolset='gcc-13',    cxxstd='20', db='mysql:9.4.0'),
+        # linux_b2('Linux B2 gcc-14',               _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23'),
+        # linux_b2('Linux B2 gcc-15',               _image('build-gcc15:1'),         toolset='gcc-15',    cxxstd='23'),
+        # linux_b2('Linux B2 gcc-sanit',            _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        # linux_b2('Linux B2 gcc-valgrind',         _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', valgrind=1),
+        # linux_b2('Linux B2 gcc-11-arm64',         _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='release'),
+        # linux_b2('Linux B2 gcc-11-arm64-sanit',   _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='debug'),
+        # linux_b2('Linux B2 noopenssl',            _image('build-noopenssl:1'),     toolset='gcc',       cxxstd='11', fail_if_no_openssl=0),
 
         # B2 Windows
-        windows_b2('Windows B2 msvc14.1 32-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='11,14,17', variant='release',       address_model='32'),
-        windows_b2('Windows B2 msvc14.1 64-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='14,17',    variant='release'),
-        windows_b2('Windows B2 msvc14.2',             _win_image('build-msvc14_2'), toolset='msvc-14.2', cxxstd='14,17',    variant='release'),
+        # windows_b2('Windows B2 msvc14.1 32-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='11,14,17', variant='release',       address_model='32'),
+        # windows_b2('Windows B2 msvc14.1 64-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='14,17',    variant='release'),
+        # windows_b2('Windows B2 msvc14.2',             _win_image('build-msvc14_2'), toolset='msvc-14.2', cxxstd='14,17',    variant='release'),
         windows_b2('Windows B2 msvc14.3',             _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='17,20',    variant='debug,release'),
-        windows_b2('Windows B2 msvc14.3-ts-executor', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='20',       variant='release',       use_ts_executor=1),
+        # windows_b2('Windows B2 msvc14.3-ts-executor', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='20',       variant='release',       use_ts_executor=1),
 
-        # Benchmarks
-        bench('Benchmarks'),
+        # # Benchmarks
+        # bench('Benchmarks'),
 
-        # Docs
-        docs('Linux docs')
+        # # Docs
+        # docs('Linux docs')
     ]
 

From 45c8800c2025107e09152cd98b799839d3c84fd6 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Tue, 19 May 2026 20:28:08 +0200
Subject: [PATCH 24/46] Proper generation

---
 .drone.star | 48 ++++++++++++++++++++++++++++--------------------
 1 file changed, 28 insertions(+), 20 deletions(-)

diff --git a/.drone.star b/.drone.star
index 76275fc15..9a476a527 100644
--- a/.drone.star
+++ b/.drone.star
@@ -128,24 +128,41 @@ def _pipeline(
             "privileged": True,
             "commands": ["echo 0 | tee /proc/sys/kernel/randomize_va_space"]
         })
-    
-    # Generate certificates
-    gen_certificates = db != None or os == "windows"
-    cert_path = "C:\\ssl\\" if os == "windows" else "/tls/"
-    ca_path = cert_path + "ca-cert.pem"
-    if gen_certificates:
+
+    # Set up the database and certificates
+    cert_dir = "C:/ssl/" if os == "windows" else "/opt/tls/"
+    if os == "windows":
+        # Generate certificates
+        steps.append({
+            "name": "Generate certificates",
+            "image": image,
+            "pull": "if-not-exists",
+            "commands": [
+                "python tools/ci/gen-certificates.py {}".format(cert_dir)
+            ]
+        })
+
+        # Restart MySQL, so certificates are picked up
+        steps.append({
+            "name": "Restart MySQL",
+            "commands": [
+                "net stop MySQL",
+                "net start MySQL"
+            ]
+        })
+    elif db != None:
+        # Generate certificates
         steps.append({
             "name": "Generate certificates",
             "image": image,
             "pull": "if-not-exists",
             "volumes": volumes,
             "commands": [
-                "python tools/ci/gen-certificates.py {}".format(cert_path)
+                "python tools/ci/gen-certificates.py {}".format(cert_dir)
             ]
         })
-    
-    # Start the database
-    if db != None:
+
+        # Database step
         steps.append({
             "name": "mysql",
             "image": db,
@@ -162,15 +179,6 @@ def _pipeline(
             ],
             "volumes": volumes
         })
-    elif os == "windows":
-        steps.append({
-            "name": "Restart MySQL",
-            "commands": [
-                "net stop MySQL",
-                "net start MySQL"
-            ]
-        })
-
     
     # Run the build
     steps.append({
@@ -180,7 +188,7 @@ def _pipeline(
         "privileged": arch == "arm64", # TSAN tests fail otherwise (personality syscall)
         "volumes": volumes,
         "environment": {
-            "BOOST_MYSQL_CA_CERTIFICATE": ca_path
+            "BOOST_MYSQL_CA_CERTIFICATE": cert_dir + "ca.crt"
         },
         "commands": [command]
     })

From 5d3ab60bbdc575209eaa13cbf7f2a94ae97015dc Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Tue, 19 May 2026 20:40:54 +0200
Subject: [PATCH 25/46] drone corrections

---
 .drone.star | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.drone.star b/.drone.star
index 9a476a527..fcc852719 100644
--- a/.drone.star
+++ b/.drone.star
@@ -145,6 +145,7 @@ def _pipeline(
         # Restart MySQL, so certificates are picked up
         steps.append({
             "name": "Restart MySQL",
+            "image": image,
             "commands": [
                 "net stop MySQL",
                 "net start MySQL"
@@ -397,7 +398,7 @@ def main(ctx):
         # #   Ubuntu 24.04: gcc13, clang 18
         # linux_b2('Linux B2 clang-4',              _image('build-clang4:1'),        toolset='clang-4',   cxxstd='14'),
         # linux_b2('Linux B2 clang-5-honly-dbg',    _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14', separate_compilation=0),
-        # linux_b2('Linux B2 clang-6',              _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14'),
+        # linux_b2('Linux B2 clang-6',              _image('build-clang6'),          toolset='clang-6',   cxxstd='14'),
         # linux_b2('Linux B2 clang-7',              _image('build-clang7:2'),        toolset='clang-7',   cxxstd='14,17'),
         # linux_b2('Linux B2 clang-8',              _image('build-clang8:2'),        toolset='clang-8',   cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
         # linux_b2('Linux B2 clang-9',              _image('build-clang9:2'),        toolset='clang-9',   cxxstd='17', variant='release'),

From 88ffb11930903d5618b4dfb7f43318872fc66350 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 09:30:30 +0200
Subject: [PATCH 26/46] Force CI


From 9274e92abf89442941d4cdecb93f8b0c51930270 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 09:32:43 +0200
Subject: [PATCH 27/46] attempt to fix errors

---
 .drone.star | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.drone.star b/.drone.star
index fcc852719..c1634d106 100644
--- a/.drone.star
+++ b/.drone.star
@@ -147,6 +147,7 @@ def _pipeline(
             "name": "Restart MySQL",
             "image": image,
             "commands": [
+                "net start MySQL",
                 "net stop MySQL",
                 "net start MySQL"
             ]

From 9cf1ec951a229a1b5a8d7ed792df9c169cca9718 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 09:34:15 +0200
Subject: [PATCH 28/46] Attempting without restart

---
 .drone.star | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/.drone.star b/.drone.star
index c1634d106..0a296fe9a 100644
--- a/.drone.star
+++ b/.drone.star
@@ -142,16 +142,16 @@ def _pipeline(
             ]
         })
 
-        # Restart MySQL, so certificates are picked up
-        steps.append({
-            "name": "Restart MySQL",
-            "image": image,
-            "commands": [
-                "net start MySQL",
-                "net stop MySQL",
-                "net start MySQL"
-            ]
-        })
+        # # Restart MySQL, so certificates are picked up
+        # steps.append({
+        #     "name": "Restart MySQL",
+        #     "image": image,
+        #     "commands": [
+        #         "net start MySQL",
+        #         "net stop MySQL",
+        #         "net start MySQL"
+        #     ]
+        # })
     elif db != None:
         # Generate certificates
         steps.append({

From 73593917d1a3b71064c3f02d77bd6cd6932122f7 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 10:05:25 +0200
Subject: [PATCH 29/46] win escape seq

---
 .drone.star | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.drone.star b/.drone.star
index 0a296fe9a..551bdbde5 100644
--- a/.drone.star
+++ b/.drone.star
@@ -130,7 +130,7 @@ def _pipeline(
         })
 
     # Set up the database and certificates
-    cert_dir = "C:/ssl/" if os == "windows" else "/opt/tls/"
+    cert_dir = "C:\ssl\" if os == "windows" else "/opt/tls/"
     if os == "windows":
         # Generate certificates
         steps.append({

From db2d0a54af37d5813c409f57779042aae4ca9c9f Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 10:07:37 +0200
Subject: [PATCH 30/46] missing raw literal

---
 .drone.star | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.drone.star b/.drone.star
index 551bdbde5..6d66f4cc9 100644
--- a/.drone.star
+++ b/.drone.star
@@ -130,7 +130,7 @@ def _pipeline(
         })
 
     # Set up the database and certificates
-    cert_dir = "C:\ssl\" if os == "windows" else "/opt/tls/"
+    cert_dir = r"C:\ssl\" if os == "windows" else "/opt/tls/"
     if os == "windows":
         # Generate certificates
         steps.append({

From c6e97e59b098912a86a3e8246e6ea8dfcd654085 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 10:29:39 +0200
Subject: [PATCH 31/46] attempt to fix escape

---
 .drone.star | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.drone.star b/.drone.star
index 6d66f4cc9..0752a0316 100644
--- a/.drone.star
+++ b/.drone.star
@@ -130,7 +130,7 @@ def _pipeline(
         })
 
     # Set up the database and certificates
-    cert_dir = r"C:\ssl\" if os == "windows" else "/opt/tls/"
+    cert_dir = "C:\\ssl\\" if os == "windows" else "/opt/tls/"
     if os == "windows":
         # Generate certificates
         steps.append({

From 53e343faf9137a8c2c6e50ceb640d271b8a2bc38 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 10:30:45 +0200
Subject: [PATCH 32/46] trying to get a backslash working

---
 .drone.star | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.drone.star b/.drone.star
index 0752a0316..3b65cd01e 100644
--- a/.drone.star
+++ b/.drone.star
@@ -130,7 +130,7 @@ def _pipeline(
         })
 
     # Set up the database and certificates
-    cert_dir = "C:\\ssl\\" if os == "windows" else "/opt/tls/"
+    cert_dir = "C:\\\\ssl\\\\" if os == "windows" else "/opt/tls/"
     if os == "windows":
         # Generate certificates
         steps.append({

From 8f08947dded787b87ac6808ed5f5f12d8a65067d Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 10:45:43 +0200
Subject: [PATCH 33/46] correct cert path

---
 .drone.star | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.drone.star b/.drone.star
index 3b65cd01e..eeaf558f4 100644
--- a/.drone.star
+++ b/.drone.star
@@ -190,7 +190,7 @@ def _pipeline(
         "privileged": arch == "arm64", # TSAN tests fail otherwise (personality syscall)
         "volumes": volumes,
         "environment": {
-            "BOOST_MYSQL_CA_CERTIFICATE": cert_dir + "ca.crt"
+            "BOOST_MYSQL_CA_CERTIFICATE": cert_dir + "ca-cert.pem"
         },
         "commands": [command]
     })

From 2a9dc0f50f58edd5c15042dafb3273bbd6610f75 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 17:42:42 +0200
Subject: [PATCH 34/46] Recover all the other builds

---
 .drone.star | 148 ++++++++++++++++++++++++----------------------------
 1 file changed, 69 insertions(+), 79 deletions(-)

diff --git a/.drone.star b/.drone.star
index eeaf558f4..a3771c5ec 100644
--- a/.drone.star
+++ b/.drone.star
@@ -142,16 +142,6 @@ def _pipeline(
             ]
         })
 
-        # # Restart MySQL, so certificates are picked up
-        # steps.append({
-        #     "name": "Restart MySQL",
-        #     "image": image,
-        #     "commands": [
-        #         "net start MySQL",
-        #         "net stop MySQL",
-        #         "net start MySQL"
-        #     ]
-        # })
     elif db != None:
         # Generate certificates
         steps.append({
@@ -373,79 +363,79 @@ def docs(name):
 
 def main(ctx):
     return [
-        # # CMake Linux
-        # linux_cmake('Linux CMake MySQL 5.x',      _image('build-gcc14:1'), db='mysql:5.7.41',   build_shared_libs=0),
-        # linux_cmake('Linux CMake MariaDB',        _image('build-gcc14:1'), db='mariadb:11.4.2', build_shared_libs=1),
-        # linux_cmake('Linux CMake cmake 3.8',      _image('build-cmake3_8:3'), cxxstd='11', install_test=0),
-        # linux_cmake('Linux CMake gcc Release',    _image('build-gcc14:1'), cmake_build_type='Release'),
-        # linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'),
-        # linux_cmake_noopenssl('Linux CMake no OpenSSL'),
-        # linux_cmake_nointeg('Linux CMake without integration tests'),
-
-        # # CMake Windows
-        # windows_cmake('Windows CMake static', build_shared_libs=0),
-        # windows_cmake('Windows CMake shared', build_shared_libs=1),
-
-        # # find_package with B2 distribution
-        # find_package_b2_linux('Linux find_package b2 distribution'),
-        # find_package_b2_windows('Windows find_package b2 distribution'),
-
-        # # B2 Linux. Please try to keep this below 3 configurations per build so CI doesn't take forever
-        # # Default Ubuntu compilers:
-        # #   Ubuntu 16.04: gcc5,  clang 3.8
-        # #   Ubuntu 18.04: gcc7,  clang 7
-        # #   Ubuntu 20.04: gcc9,  clang 10
-        # #   Ubuntu 22.04: gcc11, clang 14
-        # #   Ubuntu 24.04: gcc13, clang 18
-        # linux_b2('Linux B2 clang-4',              _image('build-clang4:1'),        toolset='clang-4',   cxxstd='14'),
-        # linux_b2('Linux B2 clang-5-honly-dbg',    _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14', separate_compilation=0),
-        # linux_b2('Linux B2 clang-6',              _image('build-clang6'),          toolset='clang-6',   cxxstd='14'),
-        # linux_b2('Linux B2 clang-7',              _image('build-clang7:2'),        toolset='clang-7',   cxxstd='14,17'),
-        # linux_b2('Linux B2 clang-8',              _image('build-clang8:2'),        toolset='clang-8',   cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        # linux_b2('Linux B2 clang-9',              _image('build-clang9:2'),        toolset='clang-9',   cxxstd='17', variant='release'),
-        # linux_b2('Linux B2 clang-10',             _image('build-clang10:2'),       toolset='clang-10',  cxxstd='17,20', variant='debug'),
-        # linux_b2('Linux B2 clang-11',             _image('build-clang11:2'),       toolset='clang-11',  cxxstd='20'),
-        # linux_b2('Linux B2 clang-12',             _image('build-clang12:2'),       toolset='clang-12',  cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1),
-        # linux_b2('Linux B2 clang-13',             _image('build-clang13:1'),       toolset='clang-13',  cxxstd='20', db='mysql:9.4.0'),
-        # linux_b2('Linux B2 clang-14',             _image('build-clang14:1'),       toolset='clang-14',  cxxstd='20', variant='debug'),
-        # linux_b2('Linux B2 clang-15',             _image('build-clang15:1'),       toolset='clang-15',  cxxstd='20', variant='debug'),
-        # linux_b2('Linux B2 clang-16',             _image('build-clang16:1'),       toolset='clang-16',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        # linux_b2('Linux B2 clang-17-honly-rls',   _image('build-clang17:1'),       toolset='clang-17',  cxxstd='20', variant='release', separate_compilation=0),
-        # linux_b2('Linux B2 clang-18-honly-dbg',   _image('build-clang18:1'),       toolset='clang-18',  cxxstd='20', variant='debug', separate_compilation=0),
-        # linux_b2('Linux B2 clang-19-libc++',      _image('build-clang19:1'),       toolset='clang-19',  cxxstd='23', stdlib='libc++'),
-        # linux_b2('Linux B2 clang-20',             _image('build-clang20:1'),       toolset='clang-20',  cxxstd='23'),
-        # linux_b2('Linux B2 clang-sanit',          _image('build-clang20:1'),       toolset='clang-20',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        # linux_b2('Linux B2 clang-i386-sanit',     _image('build-clang16-i386:1'),  toolset='clang-16',  cxxstd='20', variant='debug', address_model='32', address_sanitizer=1, undefined_sanitizer=1),
-
-        # linux_b2('Linux B2 gcc-5',                _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11'), # gcc-5 C++14 doesn't like my constexpr field_view
-        # linux_b2('Linux B2 gcc-5-ts-executor',    _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11', use_ts_executor=1),
-        # linux_b2('Linux B2 gcc-6-honly-dbg',      _image('build-gcc6:1'),          toolset='gcc-6',     cxxstd='14', variant='debug', separate_compilation=0),
-        # linux_b2('Linux B2 gcc-7',                _image('build-gcc7:1'),          toolset='gcc-7',     cxxstd='14,17', variant='debug'),
-        # linux_b2('Linux B2 gcc-8',                _image('build-gcc8:1'),          toolset='gcc-8',     cxxstd='17'),
-        # linux_b2('Linux B2 gcc-9',                _image('build-gcc9:1'),          toolset='gcc-9',     cxxstd='14,17', variant='debug'),
-        # linux_b2('Linux B2 gcc-10',               _image('build-gcc10:1'),         toolset='gcc-10',    cxxstd='17'),
-        # linux_b2('Linux B2 gcc-11',               _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20'),
-        # linux_b2('Linux B2 gcc-12',               _image('build-gcc12:1'),         toolset='gcc-12',    cxxstd='20,23', variant='debug'),
-        # linux_b2('Linux B2 gcc-13',               _image('build-gcc13:1'),         toolset='gcc-13',    cxxstd='20', db='mysql:9.4.0'),
-        # linux_b2('Linux B2 gcc-14',               _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23'),
-        # linux_b2('Linux B2 gcc-15',               _image('build-gcc15:1'),         toolset='gcc-15',    cxxstd='23'),
-        # linux_b2('Linux B2 gcc-sanit',            _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
-        # linux_b2('Linux B2 gcc-valgrind',         _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', valgrind=1),
-        # linux_b2('Linux B2 gcc-11-arm64',         _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='release'),
-        # linux_b2('Linux B2 gcc-11-arm64-sanit',   _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='debug'),
-        # linux_b2('Linux B2 noopenssl',            _image('build-noopenssl:1'),     toolset='gcc',       cxxstd='11', fail_if_no_openssl=0),
+        # CMake Linux
+        linux_cmake('Linux CMake MySQL 5.x',      _image('build-gcc14:1'), db='mysql:5.7.41',   build_shared_libs=0),
+        linux_cmake('Linux CMake MariaDB',        _image('build-gcc14:1'), db='mariadb:11.4.2', build_shared_libs=1),
+        linux_cmake('Linux CMake cmake 3.8',      _image('build-cmake3_8:3'), cxxstd='11', install_test=0),
+        linux_cmake('Linux CMake gcc Release',    _image('build-gcc14:1'), cmake_build_type='Release'),
+        linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'),
+        linux_cmake_noopenssl('Linux CMake no OpenSSL'),
+        linux_cmake_nointeg('Linux CMake without integration tests'),
+
+        # CMake Windows
+        windows_cmake('Windows CMake static', build_shared_libs=0),
+        windows_cmake('Windows CMake shared', build_shared_libs=1),
+
+        # find_package with B2 distribution
+        find_package_b2_linux('Linux find_package b2 distribution'),
+        find_package_b2_windows('Windows find_package b2 distribution'),
+
+        # B2 Linux. Please try to keep this below 3 configurations per build so CI doesn't take forever
+        # Default Ubuntu compilers:
+        #   Ubuntu 16.04: gcc5,  clang 3.8
+        #   Ubuntu 18.04: gcc7,  clang 7
+        #   Ubuntu 20.04: gcc9,  clang 10
+        #   Ubuntu 22.04: gcc11, clang 14
+        #   Ubuntu 24.04: gcc13, clang 18
+        linux_b2('Linux B2 clang-4',              _image('build-clang4:1'),        toolset='clang-4',   cxxstd='14'),
+        linux_b2('Linux B2 clang-5-honly-dbg',    _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14', separate_compilation=0),
+        linux_b2('Linux B2 clang-6',              _image('build-clang6'),          toolset='clang-6',   cxxstd='14'),
+        linux_b2('Linux B2 clang-7',              _image('build-clang7:2'),        toolset='clang-7',   cxxstd='14,17'),
+        linux_b2('Linux B2 clang-8',              _image('build-clang8:2'),        toolset='clang-8',   cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        linux_b2('Linux B2 clang-9',              _image('build-clang9:2'),        toolset='clang-9',   cxxstd='17', variant='release'),
+        linux_b2('Linux B2 clang-10',             _image('build-clang10:2'),       toolset='clang-10',  cxxstd='17,20', variant='debug'),
+        linux_b2('Linux B2 clang-11',             _image('build-clang11:2'),       toolset='clang-11',  cxxstd='20'),
+        linux_b2('Linux B2 clang-12',             _image('build-clang12:2'),       toolset='clang-12',  cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1),
+        linux_b2('Linux B2 clang-13',             _image('build-clang13:1'),       toolset='clang-13',  cxxstd='20', db='mysql:9.4.0'),
+        linux_b2('Linux B2 clang-14',             _image('build-clang14:1'),       toolset='clang-14',  cxxstd='20', variant='debug'),
+        linux_b2('Linux B2 clang-15',             _image('build-clang15:1'),       toolset='clang-15',  cxxstd='20', variant='debug'),
+        linux_b2('Linux B2 clang-16',             _image('build-clang16:1'),       toolset='clang-16',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        linux_b2('Linux B2 clang-17-honly-rls',   _image('build-clang17:1'),       toolset='clang-17',  cxxstd='20', variant='release', separate_compilation=0),
+        linux_b2('Linux B2 clang-18-honly-dbg',   _image('build-clang18:1'),       toolset='clang-18',  cxxstd='20', variant='debug', separate_compilation=0),
+        linux_b2('Linux B2 clang-19-libc++',      _image('build-clang19:1'),       toolset='clang-19',  cxxstd='23', stdlib='libc++'),
+        linux_b2('Linux B2 clang-20',             _image('build-clang20:1'),       toolset='clang-20',  cxxstd='23'),
+        linux_b2('Linux B2 clang-sanit',          _image('build-clang20:1'),       toolset='clang-20',  cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        linux_b2('Linux B2 clang-i386-sanit',     _image('build-clang16-i386:1'),  toolset='clang-16',  cxxstd='20', variant='debug', address_model='32', address_sanitizer=1, undefined_sanitizer=1),
+
+        linux_b2('Linux B2 gcc-5',                _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11'), # gcc-5 C++14 doesn't like my constexpr field_view
+        linux_b2('Linux B2 gcc-5-ts-executor',    _image('build-gcc5:1'),          toolset='gcc-5',     cxxstd='11', use_ts_executor=1),
+        linux_b2('Linux B2 gcc-6-honly-dbg',      _image('build-gcc6:1'),          toolset='gcc-6',     cxxstd='14', variant='debug', separate_compilation=0),
+        linux_b2('Linux B2 gcc-7',                _image('build-gcc7:1'),          toolset='gcc-7',     cxxstd='14,17', variant='debug'),
+        linux_b2('Linux B2 gcc-8',                _image('build-gcc8:1'),          toolset='gcc-8',     cxxstd='17'),
+        linux_b2('Linux B2 gcc-9',                _image('build-gcc9:1'),          toolset='gcc-9',     cxxstd='14,17', variant='debug'),
+        linux_b2('Linux B2 gcc-10',               _image('build-gcc10:1'),         toolset='gcc-10',    cxxstd='17'),
+        linux_b2('Linux B2 gcc-11',               _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20'),
+        linux_b2('Linux B2 gcc-12',               _image('build-gcc12:1'),         toolset='gcc-12',    cxxstd='20,23', variant='debug'),
+        linux_b2('Linux B2 gcc-13',               _image('build-gcc13:1'),         toolset='gcc-13',    cxxstd='20', db='mysql:9.4.0'),
+        linux_b2('Linux B2 gcc-14',               _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23'),
+        linux_b2('Linux B2 gcc-15',               _image('build-gcc15:1'),         toolset='gcc-15',    cxxstd='23'),
+        linux_b2('Linux B2 gcc-sanit',            _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
+        linux_b2('Linux B2 gcc-valgrind',         _image('build-gcc14:1'),         toolset='gcc-14',    cxxstd='23', variant='debug', valgrind=1),
+        linux_b2('Linux B2 gcc-11-arm64',         _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='release'),
+        linux_b2('Linux B2 gcc-11-arm64-sanit',   _image('build-gcc11:1'),         toolset='gcc-11',    cxxstd='20', arch='arm64', variant='debug'),
+        linux_b2('Linux B2 noopenssl',            _image('build-noopenssl:1'),     toolset='gcc',       cxxstd='11', fail_if_no_openssl=0),
 
         # B2 Windows
-        # windows_b2('Windows B2 msvc14.1 32-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='11,14,17', variant='release',       address_model='32'),
-        # windows_b2('Windows B2 msvc14.1 64-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='14,17',    variant='release'),
-        # windows_b2('Windows B2 msvc14.2',             _win_image('build-msvc14_2'), toolset='msvc-14.2', cxxstd='14,17',    variant='release'),
+        windows_b2('Windows B2 msvc14.1 32-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='11,14,17', variant='release',       address_model='32'),
+        windows_b2('Windows B2 msvc14.1 64-bit',      _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='14,17',    variant='release'),
+        windows_b2('Windows B2 msvc14.2',             _win_image('build-msvc14_2'), toolset='msvc-14.2', cxxstd='14,17',    variant='release'),
         windows_b2('Windows B2 msvc14.3',             _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='17,20',    variant='debug,release'),
-        # windows_b2('Windows B2 msvc14.3-ts-executor', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='20',       variant='release',       use_ts_executor=1),
+        windows_b2('Windows B2 msvc14.3-ts-executor', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='20',       variant='release',       use_ts_executor=1),
 
-        # # Benchmarks
-        # bench('Benchmarks'),
+        # Benchmarks
+        bench('Benchmarks'),
 
-        # # Docs
-        # docs('Linux docs')
+        # Docs
+        docs('Linux docs')
     ]
 

From c501a3f1aad6f1b1cf9ba116d3ae3c8b374b8a20 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 17:46:11 +0200
Subject: [PATCH 35/46] Missing OSX cert

---
 tools/setup_db_osx.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/setup_db_osx.sh b/tools/setup_db_osx.sh
index 9d1800987..e05eaae53 100644
--- a/tools/setup_db_osx.sh
+++ b/tools/setup_db_osx.sh
@@ -16,6 +16,7 @@ export PATH="/opt/homebrew/opt/mysql@8.0/bin:$PATH"
 # Generate the certificates
 mkdir -p /tmp/mysql-tls
 python tools/ci/gen-certificates.py /tmp/mysql-tls
+export BOOST_MYSQL_CA_CERTIFICATE=/tmp/mysql-tls/ca-cert.pem
 
 # Copy config files and set up paths
 cp tools/osx-ci.cnf ~/.my.cnf

From 7089efee3043f1eabce0dca992054824b819dd05 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 17:50:14 +0200
Subject: [PATCH 36/46] Update actions

---
 .github/workflows/build-code.yml | 5 ++---
 .github/workflows/coverage.yml   | 6 +++---
 .github/workflows/fuzz.yml       | 8 ++++----
 3 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/build-code.yml b/.github/workflows/build-code.yml
index 4446cb9a4..f3d58a742 100644
--- a/.github/workflows/build-code.yml
+++ b/.github/workflows/build-code.yml
@@ -10,16 +10,15 @@ name: Build
 on:
   push:
     branches: [develop, master]
-    tags: ['*']
+    tags: ["*"]
   pull_request:
   workflow_dispatch:
 
-
 jobs:
   osx:
     runs-on: macos-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - run: |
           unlink /usr/local/bin/python || echo "/usr/local/bin/python not found"
           ln -s /usr/local/bin/python3 /usr/local/bin/python
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index c4394922d..384e265a4 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -19,10 +19,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Fetch code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Start containers
-        uses: hoverkraft-tech/compose-action@v2.5.0
+        uses: hoverkraft-tech/compose-action@v2.6.0
         with:
           compose-file: ./tools/ci/docker-compose.yml
         env:
@@ -58,7 +58,7 @@ jobs:
           docker exec builder sed "s|^SF:$HOME/boost-root/|SF:include/|g" coverage.info > /boost-mysql/coverage.info
 
       - name: Upload coverage reports
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v6
         with:
           verbose: true
           fail_ci_if_error: true
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index 6e2dfba86..61fd4b72c 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -21,17 +21,17 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Fetch code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Start containers
-        uses: hoverkraft-tech/compose-action@v2.5.0
+        uses: hoverkraft-tech/compose-action@v2.6.0
         with:
           compose-file: ./tools/ci/docker-compose.yml
         env:
           BUILDER_IMAGE: ghcr.io/anarthal/cpp-ci-containers/build-clang18:1
 
       - name: Restore corpus
-        uses: actions/cache@v4
+        uses: actions/cache@v5
         with:
           path: /tmp/corpus.tar.gz
           key: corpus-${{ github.run_id }}
@@ -50,7 +50,7 @@ jobs:
           docker exec builder bash -c 'cp /root/boost-root/crash-* /root/boost-root/leak-* /root/boost-root/timeout-* /boost-mysql/ || true'
 
       - name: Archive any crashes as an artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         if: always()
         with:
           name: crashes

From bbe2f34427ab81bb0206eaa1e4493fec74790d4b Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 18:09:33 +0200
Subject: [PATCH 37/46] Misc path fixes

---
 .drone.star                    | 2 +-
 .github/workflows/coverage.yml | 7 +++++--
 tools/ci/docker-compose.yml    | 2 +-
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/.drone.star b/.drone.star
index a3771c5ec..27a6240fb 100644
--- a/.drone.star
+++ b/.drone.star
@@ -130,7 +130,7 @@ def _pipeline(
         })
 
     # Set up the database and certificates
-    cert_dir = "C:\\\\ssl\\\\" if os == "windows" else "/opt/tls/"
+    cert_dir = "C:\\\\ssl\\\\" if os == "windows" else "/tls/"
     if os == "windows":
         # Generate certificates
         steps.append({
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 384e265a4..79dd4982b 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -21,6 +21,9 @@ jobs:
       - name: Fetch code
         uses: actions/checkout@v6
 
+      - name: Generate certificates
+        run: sudo python tools/gen-certificates.py /opt/ci-tls-mysql
+
       - name: Start containers
         uses: hoverkraft-tech/compose-action@v2.6.0
         with:
@@ -48,14 +51,14 @@ jobs:
             --rc geninfo_unexecuted_blocks=1 \
             --ignore-errors mismatch \
             --gcov-tool gcov-14 \
-            --directory ~/boost-root/bin.v2 \
+            --directory /root/boost-root/bin.v2 \
             --capture \
             --output-file all.info
           docker exec builder lcov \
             --rc branch_coverage=0 \
             --output-file coverage.info \
             --extract all.info '*/boost/mysql*'
-          docker exec builder sed "s|^SF:$HOME/boost-root/|SF:include/|g" coverage.info > /boost-mysql/coverage.info
+          docker exec builder sed "s|^SF:/root/boost-root/|SF:include/|g" coverage.info > /boost-mysql/coverage.info
 
       - name: Upload coverage reports
         uses: codecov/codecov-action@v6
diff --git a/tools/ci/docker-compose.yml b/tools/ci/docker-compose.yml
index be147b5e9..cea183679 100644
--- a/tools/ci/docker-compose.yml
+++ b/tools/ci/docker-compose.yml
@@ -23,5 +23,5 @@ services:
     tty: true
     volumes:
       - ../../:/boost-mysql
-      - /opt/ci-tls-mysql:/tls
+      - /opt/ci-tls-mysql:/opt/ci-tls-mysql
       - /var/run/mysqld:/var/run/mysqld

From caf5283277c4cf8d0844d115e0aa4a82ebad36af Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 18:09:48 +0200
Subject: [PATCH 38/46] Remove the certificates

---
 tools/ssl/ca-cert.pem     | 21 ---------------------
 tools/ssl/server-cert.pem | 19 -------------------
 tools/ssl/server-key.pem  | 27 ---------------------------
 3 files changed, 67 deletions(-)
 delete mode 100644 tools/ssl/ca-cert.pem
 delete mode 100644 tools/ssl/server-cert.pem
 delete mode 100644 tools/ssl/server-key.pem

diff --git a/tools/ssl/ca-cert.pem b/tools/ssl/ca-cert.pem
deleted file mode 100644
index ee0018c55..000000000
--- a/tools/ssl/ca-cert.pem
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDZzCCAk+gAwIBAgIUWznm2UoxXw3j7HCcp9PpiayTvFQwDQYJKoZIhvcNAQEL
-BQAwQjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxDjAMBgNVBAoM
-BW15c3FsMQ4wDAYDVQQDDAVteXNxbDAgFw0yMDA0MDQxNDMwMjNaGA8zMDE5MDgw
-NjE0MzAyM1owQjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxDjAM
-BgNVBAoMBW15c3FsMQ4wDAYDVQQDDAVteXNxbDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAN0WYdvsDb+a0TxOGPejcwZT0zvTrf921mmDUlrLN1Z0hJ/S
-ydgQCSD7Q+6za4lTFZCXcvs52xvvS2gfC0yXyYLCT/jA4RQRxuF+/+w1gDWEbGk0
-KzEpsBuKrEIvEaVdoS78SxInnW/aegshdrRRocp4JQ6KHsZgkLTxSwPfYSUmMUo0
-cRO0Q/ak3VK8NP13A6ZFvZjrBxjS3cSw9HqilgADcyj1D4EokvfI1C9LrgwgLlZC
-XVkjjBqqoMXGGlnXOEK+pm8bU68HM/QvMBkb1Amo8pioNaaYgqJUCP0Ch0iu1nUU
-HtsWt6emXv0jANgIW0oga7xcT4MDGN/M+IRWLTECAwEAAaNTMFEwHQYDVR0OBBYE
-FNxhaGwf5ePPhzK7yOAKD3VF6wm2MB8GA1UdIwQYMBaAFNxhaGwf5ePPhzK7yOAK
-D3VF6wm2MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAoeJCAX
-IDCFoAaZoQ1niI6Ac/cds8G8It0UCcFGSg+HrZ0YujJxWIruRCUG60Q2OAbEvn0+
-uRpTm+4tV1Wt92WFeuRyqkomozx0g4CyfsxGX/x8mLhKPFK/7K9iTXM4/t+xQC4f
-J+iRmPVsMKQ8YsHYiWVhlOMH9XJQiqERCB2kOKJCH6xkaF2k0GbM2sGgbS7Z6lrd
-fsFTOIVx0VxLVsZnWX3byE9ghnDR5jn18u30Cpb/R/ShxNUGIHqRa4DkM5la6uZX
-W1fpSW11JBSUv4WnOO0C2rlIu7UJWOROqZZ0OsybPRGGwagcyff2qVRuI2XFvAMk
-OzBrmpfHEhF6NDU=
------END CERTIFICATE-----
diff --git a/tools/ssl/server-cert.pem b/tools/ssl/server-cert.pem
deleted file mode 100644
index a4e4e705b..000000000
--- a/tools/ssl/server-cert.pem
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDDTCCAfUCAQEwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCQVUxEzARBgNV
-BAgMClNvbWUtU3RhdGUxDjAMBgNVBAoMBW15c3FsMQ4wDAYDVQQDDAVteXNxbDAg
-Fw0yMDA0MDQxNDMxMTJaGA8zMDE5MDgwNjE0MzExMlowVTELMAkGA1UEBhMCQVUx
-EzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMg
-UHR5IEx0ZDEOMAwGA1UEAwwFbXlzcWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQDMG6j417e444WQxqJTqYRldtXde2hYFzZd5owzrWW6f2dff8Hu+WcW
-ozrulmyiRx3E3PRUwT6XbjVRMJdThoE8IgLC16Q95rEGStxRh/fLjyLBf8626HDW
-5d3T1N008lMKFy7MXVrdsSFcIQRYkmuTN7T2YXfvdS2Y5cx9oHw3hhNF+jfFBYEP
-UhtnvKbdVK7oezsULr8CjfyJWAcubODWTOny5yO/v2sI7X00M8qc/zCtB6I30rlI
-xPYs2nCYw+l89tm/XyJ7ayT7aE2jcR0Tnz0hB46jUxbESR+0aw8RiluFT0ec/Nxy
-y4AWd/inx3LJpzbgIzvlxCmJDoIohJeFAgMBAAEwDQYJKoZIhvcNAQELBQADggEB
-ACVcNZdiTpCcd2Ic0SS3DdGeNP+0hyL6xx/7KLMT7FuLtHHMzwzTwwQCXmhZIhj8
-0gwzOsBR8YzYIM/TJnYN35e813lv0elfz2wlwOf4yWrdllj8ymfzaUbvaML/Z5qy
-vnMhnobsd2lgUD5ousfLdga7ueIKL1wE8TNJRIkrlObQgf3UOOMHBO707Y64FC5x
-qbIvhriMQJSCF+EPmqeLirzPg8LLvUzM6enuuos+I3/WxkntCHO1ONYSl//h2P2E
-Yoigb6S89lAFPiuXL1fmtaJN7ALRKWu5k1mundDePG+RhVDVuWuVHyfc5dMBH6DK
-v4mGZ5Ie3C9dDM2qaz4fo+w=
------END CERTIFICATE-----
diff --git a/tools/ssl/server-key.pem b/tools/ssl/server-key.pem
deleted file mode 100644
index c62c74857..000000000
--- a/tools/ssl/server-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAzBuo+Ne3uOOFkMaiU6mEZXbV3XtoWBc2XeaMM61lun9nX3/B
-7vlnFqM67pZsokcdxNz0VME+l241UTCXU4aBPCICwtekPeaxBkrcUYf3y48iwX/O
-tuhw1uXd09TdNPJTChcuzF1a3bEhXCEEWJJrkze09mF373UtmOXMfaB8N4YTRfo3
-xQWBD1IbZ7ym3VSu6Hs7FC6/Ao38iVgHLmzg1kzp8ucjv79rCO19NDPKnP8wrQei
-N9K5SMT2LNpwmMPpfPbZv18ie2sk+2hNo3EdE589IQeOo1MWxEkftGsPEYpbhU9H
-nPzccsuAFnf4p8dyyac24CM75cQpiQ6CKISXhQIDAQABAoIBAQCksGzW3LhRZsQO
-3Td9afp6JDjMTRcUfSZQ/gWCbRb4NHSkieFhgbu8eFjEyns9NUS/48kB2is25KYA
-rMRtkMoWSxsPPBA6IjoUabL71koK5aOVnhqdW1AxFai3k7opTp3SNoJ8Q5dd6d6R
-B9MJ5JsIXpqVcm/jtxjjlgg6FZQk94gqoskRbekih+QidRplFkeGDRDWpHz5621T
-92PSWu7C0au3Q+iMhaUeeKnWeIYNyCFWYGHxbJStBW0r1Xy6tkTJIBuOQN1JVT2S
-f196xqBnEj+kkWLV6rrZNqLrptP1PjcKxRGjKoYxlL1F/51FuJSpTiSnf42hJYCp
-TkS0ViABAoGBAPUxFwqPl9uw/dnugFztR9P/j0RRlcHEtsz4eK4CSVKKhRLiwMoB
-yKQ1B6fDshTdFRoNaMyByZ1NzsEsvIcYk9LOPtEy2kTsgVK+EW8QFkxIgJtZEy1r
-0nPV4a/latzyvjNl5xIdAgldxrpQEg7BAO7GVDnrPWETZ2TJV1Vq7u0FAoGBANUa
-9B8+7AHGMiRMkyKKHJh340FVqlKH7XVvsoooCiTi0olUPNB70sAleOMTi5BiWnwZ
-6z734eLFAHWsD8XyRQE6vW7NSqNqQ2g9Mv8i7tyn3P4AQwqpEXrdvklM+nc7clKu
-agIHFfeVeB0YmLXmq26z6m3dGQeqsEKMDlM5iwiBAoGBAN32UqV82DxJPYTMI+f7
-5cpEz61JLgj7y4BCbv0XlMjkHRO7skss0jXUy9lTjyLUAQZUnUqFM77zcPfvR7wE
-w81SaAt5vZ4ne+srpRyls4nbGJGJUZMMyLeUJ3rUdKkQFp7w4P3ExNM10XFYiwBQ
-OEfvws+r5SS8LB1RJ35sD18BAoGBAMgOaab7luuDeIcDLA18wqOPyNQI68BWwuFA
-Xse8FunR1fv+DKlb1Nl1VCs4qgh9jJx8aI/QfUo5ztipEpWtfoJM9pESQENw+p7c
-9Qb3cG3NWHVLIaTcWwCRMpX1ohxUvlpISlRk+oZW10/ZS2NYjQ9771P8AAdmgdm3
-SatvlcoBAoGANyp6/KwFBNEwoFVGWUjIZ2GFH6lcgMjvX52gDN+aqhyN/vdR+rG6
-fekp/e9ef8VbPZS/nhZ+5TyhVKZ9Cw/4rDXvhNv7ir7wSGYs85Ry1n+ltQtNW3rV
-UZ0UdRlp8sLvKT5gqba1wVaYW76Y1PZiMltzaldYuVKqYIheoibxlm4=
------END RSA PRIVATE KEY-----

From 15e7f9b04a699a1d2e75ee1609b5ee61a5eb05c9 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 18:11:08 +0200
Subject: [PATCH 39/46] Missing clang6 tag

---
 .drone.star | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.drone.star b/.drone.star
index 27a6240fb..4b9a72e9d 100644
--- a/.drone.star
+++ b/.drone.star
@@ -389,7 +389,7 @@ def main(ctx):
         #   Ubuntu 24.04: gcc13, clang 18
         linux_b2('Linux B2 clang-4',              _image('build-clang4:1'),        toolset='clang-4',   cxxstd='14'),
         linux_b2('Linux B2 clang-5-honly-dbg',    _image('build-clang5:1'),        toolset='clang-5',   cxxstd='14', separate_compilation=0),
-        linux_b2('Linux B2 clang-6',              _image('build-clang6'),          toolset='clang-6',   cxxstd='14'),
+        linux_b2('Linux B2 clang-6',              _image('build-clang6:1'),        toolset='clang-6',   cxxstd='14'),
         linux_b2('Linux B2 clang-7',              _image('build-clang7:2'),        toolset='clang-7',   cxxstd='14,17'),
         linux_b2('Linux B2 clang-8',              _image('build-clang8:2'),        toolset='clang-8',   cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1),
         linux_b2('Linux B2 clang-9',              _image('build-clang9:2'),        toolset='clang-9',   cxxstd='17', variant='release'),

From 34413276bc57fb6c971c2a64d6981567c838a162 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Wed, 20 May 2026 18:14:04 +0200
Subject: [PATCH 40/46] Don't use too recent pys

---
 tools/ci/gen-certificates.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/ci/gen-certificates.py b/tools/ci/gen-certificates.py
index 32f24b920..b95f2cb48 100755
--- a/tools/ci/gen-certificates.py
+++ b/tools/ci/gen-certificates.py
@@ -15,7 +15,7 @@
 
 
 def _run_openssl(*args: str) -> None:
-    print(f' + {" ".join(args)}')
+    print(' +', *args)
     subprocess.run(['openssl', *args], check=True)
 
 

From 75bf38171ee6978d28fdcf24873d4bebd5ba504f Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Thu, 21 May 2026 18:02:18 +0200
Subject: [PATCH 41/46] Update the certificate verification example

---
 .../2_simple/tls_certificate_verification.cpp | 38 +++----------------
 example/CMakeLists.txt                        |  8 +++-
 example/Jamfile                               |  8 +++-
 3 files changed, 20 insertions(+), 34 deletions(-)

diff --git a/example/2_simple/tls_certificate_verification.cpp b/example/2_simple/tls_certificate_verification.cpp
index 893c231e5..4482cae15 100644
--- a/example/2_simple/tls_certificate_verification.cpp
+++ b/example/2_simple/tls_certificate_verification.cpp
@@ -30,7 +30,6 @@
 #include <boost/mysql/results.hpp>
 
 #include <boost/asio/awaitable.hpp>
-#include <boost/asio/buffer.hpp>
 #include <boost/asio/co_spawn.hpp>
 #include <boost/asio/io_context.hpp>
 #include <boost/asio/ssl/context.hpp>
@@ -42,35 +41,12 @@
 namespace mysql = boost::mysql;
 namespace asio = boost::asio;
 
-// The CA file that signed the server's certificate
-constexpr const char CA_PEM[] = R"%(-----BEGIN CERTIFICATE-----
-MIIDZzCCAk+gAwIBAgIUWznm2UoxXw3j7HCcp9PpiayTvFQwDQYJKoZIhvcNAQEL
-BQAwQjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxDjAMBgNVBAoM
-BW15c3FsMQ4wDAYDVQQDDAVteXNxbDAgFw0yMDA0MDQxNDMwMjNaGA8zMDE5MDgw
-NjE0MzAyM1owQjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxDjAM
-BgNVBAoMBW15c3FsMQ4wDAYDVQQDDAVteXNxbDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAN0WYdvsDb+a0TxOGPejcwZT0zvTrf921mmDUlrLN1Z0hJ/S
-ydgQCSD7Q+6za4lTFZCXcvs52xvvS2gfC0yXyYLCT/jA4RQRxuF+/+w1gDWEbGk0
-KzEpsBuKrEIvEaVdoS78SxInnW/aegshdrRRocp4JQ6KHsZgkLTxSwPfYSUmMUo0
-cRO0Q/ak3VK8NP13A6ZFvZjrBxjS3cSw9HqilgADcyj1D4EokvfI1C9LrgwgLlZC
-XVkjjBqqoMXGGlnXOEK+pm8bU68HM/QvMBkb1Amo8pioNaaYgqJUCP0Ch0iu1nUU
-HtsWt6emXv0jANgIW0oga7xcT4MDGN/M+IRWLTECAwEAAaNTMFEwHQYDVR0OBBYE
-FNxhaGwf5ePPhzK7yOAKD3VF6wm2MB8GA1UdIwQYMBaAFNxhaGwf5ePPhzK7yOAK
-D3VF6wm2MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAoeJCAX
-IDCFoAaZoQ1niI6Ac/cds8G8It0UCcFGSg+HrZ0YujJxWIruRCUG60Q2OAbEvn0+
-uRpTm+4tV1Wt92WFeuRyqkomozx0g4CyfsxGX/x8mLhKPFK/7K9iTXM4/t+xQC4f
-J+iRmPVsMKQ8YsHYiWVhlOMH9XJQiqERCB2kOKJCH6xkaF2k0GbM2sGgbS7Z6lrd
-fsFTOIVx0VxLVsZnWX3byE9ghnDR5jn18u30Cpb/R/ShxNUGIHqRa4DkM5la6uZX
-W1fpSW11JBSUv4WnOO0C2rlIu7UJWOROqZZ0OsybPRGGwagcyff2qVRuI2XFvAMk
-OzBrmpfHEhF6NDU=
------END CERTIFICATE-----
-)%";
-
 // The main coroutine
 asio::awaitable<void> coro_main(
     std::string_view server_hostname,
     std::string_view username,
-    std::string_view password
+    std::string_view password,
+    std::string_view ca_cert_path
 )
 {
     //[section_connection_establishment_tls_options
@@ -83,11 +59,9 @@ asio::awaitable<void> coro_main(
 
     // Load a trusted CA, which was used to sign the server's certificate.
     // This will allow the signature verification to succeed in our example.
-    // You will have to run your MySQL server with the test certificates
-    // located under $BOOST_MYSQL_ROOT/tools/ssl/
     // If you want to use your system's trusted CAs, use
     // ssl::context::set_default_verify_paths() instead of this function.
-    ssl_ctx.add_certificate_authority(asio::buffer(CA_PEM));
+    ssl_ctx.load_verify_file(std::string(ca_cert_path));
 
     // We expect the server certificate's common name to be "mysql".
     // If it's not, the certificate will be rejected and handshake or connect will fail.
@@ -123,9 +97,9 @@ asio::awaitable<void> coro_main(
 
 void main_impl(int argc, char** argv)
 {
-    if (argc != 4)
+    if (argc != 5)
     {
-        std::cerr << "Usage: " << argv[0] << " <username> <password> <server-hostname>\n";
+        std::cerr << "Usage: " << argv[0] << " <username> <password> <server-hostname> <ca-cert-path>\n";
         exit(1);
     }
 
@@ -135,7 +109,7 @@ void main_impl(int argc, char** argv)
     // Launch our coroutine
     asio::co_spawn(
         ctx,
-        [=] { return coro_main(argv[3], argv[1], argv[2]); },
+        [=] { return coro_main(argv[3], argv[1], argv[2], argv[4]); },
         // If any exception is thrown in the coroutine body, rethrow it.
         [](std::exception_ptr ptr) {
             if (ptr)
diff --git a/example/CMakeLists.txt b/example/CMakeLists.txt
index de38d85f7..df6f9478c 100644
--- a/example/CMakeLists.txt
+++ b/example/CMakeLists.txt
@@ -15,6 +15,12 @@ else()
     set(SERVER_HOST "127.0.0.1")
 endif()
 
+if(DEFINED ENV{BOOST_MYSQL_CA_CERTIFICATE})
+    set(CA_CERTIFICATE $ENV{BOOST_MYSQL_CA_CERTIFICATE})
+else()
+    set(CA_CERTIFICATE "/opt/ci-tls-mysql/ca-cert.pem")
+endif()
+
 add_library(boost_mysql_examples_common INTERFACE)
 target_link_libraries(
     boost_mysql_examples_common
@@ -85,7 +91,7 @@ add_simple_example(batch_inserts_generic        ARGS ${SERVER_HOST}  PYTHON_RUNN
 add_simple_example(patch_updates                ARGS ${SERVER_HOST}  PYTHON_RUNNER run_patch_updates.py)
 add_simple_example(dynamic_filters              ARGS ${SERVER_HOST}  PYTHON_RUNNER run_dynamic_filters.py)
 add_simple_example(disable_tls                  ARGS ${REGULAR_ARGS})
-add_simple_example(tls_certificate_verification ARGS ${REGULAR_ARGS})
+add_simple_example(tls_certificate_verification ARGS ${REGULAR_ARGS} ${CA_CERTIFICATE})
 add_simple_example(metadata                     ARGS ${REGULAR_ARGS})
 add_simple_example(prepared_statements          ARGS ${REGULAR_ARGS} "HGS")
 add_simple_example(pipeline                     ARGS ${REGULAR_ARGS} "HGS")
diff --git a/example/Jamfile b/example/Jamfile
index 56d641c20..fdddf58c5 100644
--- a/example/Jamfile
+++ b/example/Jamfile
@@ -17,6 +17,12 @@ if $(hostname) = ""
     hostname = "127.0.0.1" ;
 }
 
+local ca_certificate = [ os.environ BOOST_MYSQL_CA_CERTIFICATE ] ;
+if $(ca_certificate) = ""
+{
+    ca_certificate = "/opt/ci-tls-mysql/ca-cert.pem" ;
+}
+
 # Builds and run an example
 rule run_example (
     example_name :
@@ -86,7 +92,7 @@ run_example dynamic_filters : 2_simple/dynamic_filters.cpp
 run_example disable_tls : 2_simple/disable_tls.cpp
     : $(regular_args) ;
 run_example tls_certificate_verification : 2_simple/tls_certificate_verification.cpp
-    : $(regular_args) ;
+    : $(regular_args) $(ca_certificate) ;
 run_example metadata : 2_simple/metadata.cpp 
     : $(regular_args) ;
 run_example prepared_statements : 2_simple/prepared_statements.cpp 

From a41276f14fd6f4f686ff2bb1ae07336180809405 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Thu, 21 May 2026 19:55:40 +0200
Subject: [PATCH 42/46] Place certificates in CI somewhere not requiring sudo

---
 .github/workflows/coverage.yml |  2 +-
 tools/ci/docker-compose.yml    | 13 +++++++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 79dd4982b..8d3930903 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -22,7 +22,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Generate certificates
-        run: sudo python tools/gen-certificates.py /opt/ci-tls-mysql
+        run: python tools/gen-certificates.py /tmp/mysql-tls
 
       - name: Start containers
         uses: hoverkraft-tech/compose-action@v2.6.0
diff --git a/tools/ci/docker-compose.yml b/tools/ci/docker-compose.yml
index cea183679..7a81dc3de 100644
--- a/tools/ci/docker-compose.yml
+++ b/tools/ci/docker-compose.yml
@@ -1,3 +1,12 @@
+#
+# Copyright (c) 2019-2025 Ruben Perez Hidalgo (rubenperez038 at gmail dot com)
+#
+# Distributed under the Boost Software License, Version 1.0. (See accompanying
+# file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
+#
+
+# Used in GitHub Actions CIs
+
 services:
   mysql:
     image: mysql:8.4.1
@@ -6,7 +15,7 @@ services:
       MYSQL_ALLOW_EMPTY_PASSWORD: "1"
       MYSQL_ROOT_PASSWORD: ""
     volumes:
-      - /opt/ci-tls-mysql:/tls
+      - /tmp/mysql-tls:/tls
       - /var/run/mysqld:/var/run/mysqld
     command: >
       /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \
@@ -23,5 +32,5 @@ services:
     tty: true
     volumes:
       - ../../:/boost-mysql
-      - /opt/ci-tls-mysql:/opt/ci-tls-mysql
+      - /tmp/mysql-tls:/opt/ci-tls-mysql
       - /var/run/mysqld:/var/run/mysqld

From 1588f513d012793261fc890e8d11d4b454a81f8d Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Thu, 21 May 2026 19:55:54 +0200
Subject: [PATCH 43/46] Generate certs for fuzz

---
 .github/workflows/fuzz.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index 61fd4b72c..9e08b13b6 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -23,6 +23,9 @@ jobs:
       - name: Fetch code
         uses: actions/checkout@v6
 
+      - name: Generate certificates
+        run: python tools/gen-certificates.py /tmp/mysql-tls
+
       - name: Start containers
         uses: hoverkraft-tech/compose-action@v2.6.0
         with:

From e52ec2708e0c9b85c03bbbc673b6333b49962459 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sat, 23 May 2026 17:52:57 +0200
Subject: [PATCH 44/46] gen-ceriticates path

---
 .github/workflows/coverage.yml | 2 +-
 .github/workflows/fuzz.yml     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 8d3930903..6a7493209 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -22,7 +22,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Generate certificates
-        run: python tools/gen-certificates.py /tmp/mysql-tls
+        run: python tools/ci/gen-certificates.py /tmp/mysql-tls
 
       - name: Start containers
         uses: hoverkraft-tech/compose-action@v2.6.0
diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
index 9e08b13b6..4668e320e 100644
--- a/.github/workflows/fuzz.yml
+++ b/.github/workflows/fuzz.yml
@@ -24,7 +24,7 @@ jobs:
         uses: actions/checkout@v6
 
       - name: Generate certificates
-        run: python tools/gen-certificates.py /tmp/mysql-tls
+        run: python tools/ci/gen-certificates.py /tmp/mysql-tls
 
       - name: Start containers
         uses: hoverkraft-tech/compose-action@v2.6.0

From 773f47e3e104ac9623abfb6bb1f3cf1024bdafd9 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 24 May 2026 13:06:21 +0200
Subject: [PATCH 45/46] Fix coverage problem

---
 .github/workflows/coverage.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 6a7493209..847762028 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -58,7 +58,8 @@ jobs:
             --rc branch_coverage=0 \
             --output-file coverage.info \
             --extract all.info '*/boost/mysql*'
-          docker exec builder sed "s|^SF:/root/boost-root/|SF:include/|g" coverage.info > /boost-mysql/coverage.info
+          docker exec builder sed -i "s|^SF:/root/boost-root/|SF:include/|g" coverage.info
+          docker exec builder mv coverage.info /boost-mysql/coverage.info
 
       - name: Upload coverage reports
         uses: codecov/codecov-action@v6

From d301ac58f5bc44f1cfcf63d03215a189dfd4b959 Mon Sep 17 00:00:00 2001
From: Ruben Perez <rubenperez038@gmail.com>
Date: Sun, 24 May 2026 13:47:06 +0200
Subject: [PATCH 46/46] Fix codecov input args

---
 .github/workflows/coverage.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 847762028..4d18d7b5c 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -68,7 +68,7 @@ jobs:
           fail_ci_if_error: true
           token: ${{ secrets.CODECOV_TOKEN }}
           plugins: noop # Don't run gcov again, codecov doesn't know about the filtering we perform
-          file: coverage.info
+          files: coverage.info
           disable_search: true # Don't upload unwanted files
           disable_file_fixes: true # Default fixes make reports unusable