don't let mysql_install_db set SUID bit for auth_pam_tool in rpm/deb
packages - instead package files with correct permissions and
only fix the ownership of auth_pam_tool_dir (which can only be done
after mysql user is created, so in post-install).
keep old mysql_install_db behavior for bintars
In Debian official the MariaDB plugins (.so files) go to a separate
versioned directory so that upgrades and dependencies will work correctly.
This change extends this script to check the /usr/lib/*/mariadb19/..
directory in addition to what it already does. Without this change
the script fails with:
$ mysql_install_db ...
Cannot change ownership of the '/auth_pam_tool_dir' directory
to the 'mysql' user. Check that you have the necessary permissions and
try again.
- Added mariadb-# to load_default_groups to all mariadb-# scripts and
mariadb-binaries.
- Added mariadbd and mariadbd-"version" to load_default_groups for the
mysqld/mariadb server
- Added mariadb-client to load_default_groups for the mysql/mariadb client
Other things
- Ignored mysql-test/lib/My/SafeProcess/wsrep_check_version
- mysql_install_db will now automatically detect if run from srcdir
The assumption in the original commit for --builddir (648d3cedbc),
was to assume that without a --builddir, and when --srcdir
is specified, that the builddir is the same as the srcdir.
The problem is that this assumption does not hold for out-of-source
builds and we can figure out the builddir by looking for where
mysql_install_db script is.
As mysql_install_db is in the builddir, we use dirname0 as the builddir after
checking that my_print_defaults is also located from dirname0, otherwise
default to old behavior.
but even if this script called as /bin/mysql_install_db
it is still standard install and scripts are in /usr/share/
(but not in the /share/)
2. fix of bindir path
Change the default authentication for root@localhost to
IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket
which provides secure passwordless login, while still allowing
SET PASSWORD to work as expected.
Also create a second all-privilege account for the user that owns
datadir (and thus has full access to the data anyway).
Compile unix_socket plugin statically into the server.
Avoid introducing new dependencies or new syntax.
That is, don't use $(...) and don't assume dirname is present.
And remove unsighty /foo/bar/../xyz from the path. Use dirname
instead of ../
