mariadb/debian/mariadb-server.postinst

#!/bin/bash
set -e

# shellcheck source=/dev/null
. /usr/share/debconf/confmodule

if [ -n "$DEBIAN_SCRIPT_DEBUG" ]
then
  set -v -x
  DEBIAN_SCRIPT_TRACE=1
fi

${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2}

export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin

# This command can be used as pipe to syslog. With "-s" it also logs to stderr.
ERR_LOGGER="logger -p daemon.err -t mariadb-server.postinst -i"
# Specify syslog tag name so it is clear the entry came from this postinst script.
# This will make an error in a logged command immediately apparent by aborting
# the install, rather than failing silently and leaving a broken install.
set -o pipefail

case "$1" in
  configure)
    # This is needed because mariadb-install-db removes the pid file in /run
    # and because changed configuration options should take effect immediately.
    # In case the server wasn't running at all it should be ok if the stop
    # script fails. I can't tell at this point because of the cleaned /run.
    set +e
    invoke-rc.d mariadb stop
    set -e

    # An existing /etc/init.d/mysql might be on the system if there was a
    # previous MySQL or MariaDB installation, since /etc/init.d files are
    # considered config files and stay around even after the package is removed.
    #
    # The install step of this package adds a new /etc/init.d/mariadb file. As
    # we also want to ensure that there are no old (and potentially outdated)
    # versions of /etc/init.d/mysql we simply replace it using a copy of the
    # latest 'mariadb' file. This has also the added benefit that anything that
    # invokes traditional sysv init with either 'mysql' or 'mariadb' will end up
    # controlling this newly installed MariaDB, and thus we maintain better
    # backwards compatibility.
    #
    # Note that the 'Provides' line is also updated to avoid 'insserv' exiting
    # on failure (when it is run by update-rc.d) because of duplicate service
    # names.
    if [ -f "/etc/init.d/mysql" ] && [ -f "/etc/init.d/mariadb" ]
    then
      # Copy init file and rename the service name and filename on the fly
      sed 's/Provides:          mariadb/Provides:          mysql/g' /etc/init.d/mariadb > /etc/init.d/mysql
      # NOTE: Number of spaces/tabs is important here!
      # Confirm if the sed worked
      if ! grep --quiet "Provides:          mysql" /etc/init.d/mysql
      then
        # If not, then delete the file to avoid failures later on
        rm -f /etc/init.d/mysql
        echo "Warning! Failed creating a mysql named copy of mariadb init.d file"
      fi
    fi

    mariadb_statedir=/usr/share/mariadb
    mariadb_datadir=/var/lib/mysql
    mariadb_logdir=/var/log/mysql
    mariadb_cfgdir=/etc/mysql
    mariadb_upgradedir=/var/lib/mysql-upgrade

    # If the following symlink exists, it is a preserved copy the old data dir
    # created by the preinst script during a upgrade that would have otherwise
    # been replaced by an empty mysql dir.  This should restore it.
    for dir in DATADIR LOGDIR
    do

      if [ "$dir" = "DATADIR" ]
      then
        targetdir=$mariadb_datadir
      else
        targetdir=$mariadb_logdir
      fi

      savelink="$mariadb_upgradedir/$dir.link"
      if [ -L "$savelink" ]
      then
        # If the targetdir was a symlink before we upgraded it is supposed
        # to be either still be present or not existing anymore now.
        if [ -L "$targetdir" ]
        then
          rm "$savelink"
        elif [ ! -d "$targetdir" ]
        then
          mv "$savelink" "$targetdir"
        else
          # this should never even happen, but just in case...
          mariadb_tmp=$(mktemp -d -t mariadb-symlink-restore-XXXXXX)
          echo "this is very strange!  see $mariadb_tmp/README..." >&2
          mv "$targetdir" "$mariadb_tmp"
          cat << EOF > "$mariadb_tmp/README"

If you're reading this, it's most likely because you had replaced /var/lib/mysql
with a symlink, then upgraded to a new version of mysql, and then dpkg
removed your symlink (see #182747 and others). The mysql packages noticed
that this happened, and as a workaround have restored it. However, because
/var/lib/mysql seems to have been re-created in the meantime, and because
we don't want to rm -rf something we don't know as much about, we are going
to leave this unexpected directory here. If your database looks normal,
and this is not a symlink to your database, you should be able to blow
this all away.

EOF
        fi
      fi
      rmdir $mariadb_upgradedir 2>/dev/null || true

    done # end 'for dir' loop

    # Upgrading from mysql.com needs might have the root user as auth_socket.
    # auto.cnf is a sign of a mysql install, that doesn't exist in mariadb.
    # We use lsof to protect against concurrent access by mysqld (mariadb has
    # its own projection). We make sure we're not doing this on a MySQL-8.0
    # directory.
    # This direct update is needed to enable an authentication mechanism to
    # perform mariadb-upgrade, (MDEV-22678).  To keep the impact minimal, we
    # skip innodb and set key-buffer-size to 0 as it isn't reused.
    if [ -f "$mariadb_datadir/auto.cnf" ] &&
       [ -f "$mariadb_datadir/mysql/user.MYD" ] &&
       ! lsof -nt "$mariadb_datadir"/mysql/user.MYD > /dev/null &&
       [ ! -f "$mariadb_datadir/undo_001" ]
    then
      echo "UPDATE mysql.user SET plugin='unix_socket' WHERE plugin='auth_socket';" | \
        mariadbd --skip-innodb --key_buffer_size=0  --default-storage-engine=MyISAM --bootstrap 2> /dev/null
    fi

    # Ensure the existence and right permissions for the database and
    # log files. Use mkdir option 'Z' to create with correct SELinux context.
    if [ ! -d "$mariadb_statedir" ] && [ ! -L "$mariadb_statedir" ]
    then
      mkdir -Z "$mariadb_statedir"
    fi
    if [ ! -d "$mariadb_datadir"  ] && [ ! -L "$mariadb_datadir" ]
    then
      mkdir -Z "$mariadb_datadir"
    fi
    if [ ! -d "$mariadb_logdir"   ] && [ ! -L "$mariadb_logdir"  ]
    then
      mkdir -Z "$mariadb_logdir"
    fi
    # When creating an ext3 jounal on an already mounted filesystem like e.g.
    # /var/lib/mysql, you get a .journal file that is not modifiable by chown.
    # The mariadb_statedir must not be writable by the mysql user under any
    # circumstances as it contains scripts that are executed by root.
    set +e
    find $mariadb_statedir ! -uid 0 -print0 -or ! -gid 0 -print0 | xargs -0 -r sudo chown 0:0
    find $mariadb_datadir ! -uid "$(id -u mysql)" -print0 | xargs -0 -r chown mysql
    chown mysql:adm $mariadb_logdir
    find "$mariadb_logdir" -print0 | xargs -0 -r chown mysql:adm
    chmod 2750 $mariadb_logdir
    set -e

    ## Set the correct filesystem ownership for the PAM v2 plugin
    # eg. /usr/lib/x86_64-linux-gnu/mysql/plugin/auth_pam_tool_dir/
    # NOTE! This is security sensitive, don't allow for a race condition.
    #
    # 1. Drop privileges of directory
    # -> At this point only root can see and execute auth_pam_tool
    chmod 0700 /usr/lib/mysql/plugin/auth_pam_tool_dir
    #
    # 2. Make binary setuid
    # -> At this point only root can run the setuid binary so no escalation here yet
    chmod 04755 /usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
    #
    # 3. Allow user 'mysql' to see and execute auth_pam_tool
    # -> Now user mysql owns the directory and can see and execute the binary inside
    # -> Since the binary is setuid, user mysql gets limited root powers here to
    #    run the PAM authetications, which need root (e.g. to validate passwords
    #    against /etc/shadow)
    chown mysql /usr/lib/mysql/plugin/auth_pam_tool_dir

    # This is important to avoid dataloss when there is a removed
    # mariadb-server version from Woody lying around which used the same
    # data directory and then somehow gets purged by the admin.
    db_set mariadb-server/postrm_remove_database false || true

    # Clean up old flags before setting new one
    rm -f $mariadb_datadir/debian-*.flag
    # Flag data dir to avoid downgrades
    # @TODO: Rewrite this to use the new upstream /var/lib/mysql_upgrade_info file
    # instead of the legacy /var/lib/debian-XX.X.flag file
    touch "$mariadb_datadir/debian-__MARIADB_MAJOR_VER__.flag"

    # initiate databases. Output is not allowed by debconf :-(
    # This will fail if we are upgrading an existing database; in this case
    # mariadb-upgrade, called from the /etc/mysql/debian-start script, will
    # handle things.
    # Debian: beware of the bashisms...
    # Debian: can safely run on upgrades with existing databases
    # Workaround for Debian Bug #1022994: failure to create database when
    # working with libpam-tmpdir (by setting TMPDIR to empty value).
    set +e
    TMPDIR='' bash /usr/bin/mariadb-install-db \
      --rpm --cross-bootstrap \
      --user=mysql --disable-log-bin \
      --skip-test-db 2>&1 | \
      $ERR_LOGGER
    set -e

    # On new installations root user can connect via unix_socket.
    # But on upgrades, scripts rely on debian-sys-maint user and
    # credentials in /etc/mysql/debian.cnf
    # All tools use --defaults-file=/etc/mysql/debian.cnf
    # And while it's not needed for new installations, we keep using
    # --defaults-file option for tools (for the sake of upgrades)
    # and thus need /etc/mysql/debian.cnf to exist, even if it's empty.
    # In the long run the goal is to obsolete this file.
    dc="$mariadb_cfgdir/debian.cnf"
    if [ ! -d "$mariadb_cfgdir" ]
    then
      install -o 0 -g 0 -m 0755 -d $mariadb_cfgdir
    fi

    if [ ! -e "$dc" ]
    then
      cat /dev/null > $dc
      {
        echo "# THIS FILE IS OBSOLETE. STOP USING IT IF POSSIBLE.";
        echo "# This file exists only for backwards compatibility for";
        echo "# tools that run '--defaults-file=/etc/mysql/debian.cnf'";
        echo "# and have root level access to the local filesystem.";
        echo "# With those permissions one can run 'mariadb' directly";
        echo "# anyway thanks to unix socket authentication and hence";
        echo "# this file is useless. See package README for more info.";
        echo "[client]";
        echo "host     = localhost";
        echo "user     = root";
        echo "[mariadb_upgrade]";
        echo "host     = localhost";
        echo "user     = root";
        echo "# THIS FILE WILL BE REMOVED IN A FUTURE DEBIAN RELEASE.";
      } >> $dc
    fi
    # Keep it only root-readable, as it always was
    chown 0:0 $dc
    chmod 0600 $dc

    # If there is a real AppArmor profile, we reload it.
    # If the default empty profile is installed, then we remove any old
    # profile that may be loaded.
    # This allows upgrade from old versions (that have an apparmor profile
    # on by default) to work both to disable a default profile, and to keep
    # any profile installed and maintained by users themselves.
    profile="/etc/apparmor.d/usr.sbin.mariadbd"
    if [ -f "$profile" ] && aa-status --enabled 2> /dev/null
    then
      if grep -q /usr/sbin/mariadbd "$profile" 2> /dev/null
      then
        apparmor_parser -r "$profile" || true
      else
        echo "/usr/sbin/mariadbd { }" | apparmor_parser --remove 2> /dev/null || true
      fi
    fi

    # The introduction of /etc/logrotate.d/mariadb has made the old config
    # obsolete and it needs to be disabled to prevent logrotate running twice.
    if [ -f /etc/logrotate.d/mysql-server ]
    then
      mv -vf /etc/logrotate.d/mysql-server /etc/logrotate.d/mysql-server.dpkg-bak
    fi

    # @TODO: Remove once buildbot.askmonty.org has been updated not to expect this file
    mkdir -p /etc/systemd/system/mariadb.service.d/
    # Note that file cannot be empty, otherwise systemd version in Ubuntu Bionic
    # will think the service is masked
    echo "# empty placeholder" > /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
    ;;

  abort-upgrade|abort-remove|abort-configure)
    ;;

  triggered)
    if [ -d /run/systemd/system ]
    then
      systemctl --system daemon-reload
    elif [ -x /etc/init.d/mariadb ]
    then
      invoke-rc.d mariadb restart
    fi
    ;;

  *)
    echo "postinst called with unknown argument '$1'" 1>&2
    exit 1
    ;;
esac

db_stop # in case invoke fails

#DEBHELPER#