mirror of
https://github.com/MariaDB/server.git
synced 2025-01-29 18:20:07 +01:00
7803601dcb
Replace all references to /usr/sbin/mysqld (and bin and libexec) with mariadbd, so that the binary server will always be 'mariadbd'. Also update all places that reference the server binary in other ways, such as AppArmor profiles and scripts that previously expected to find a 'mysqld' in process lists.
248 lines
10 KiB
Bash
248 lines
10 KiB
Bash
#!/bin/bash
|
|
set -e
|
|
|
|
. /usr/share/debconf/confmodule
|
|
|
|
# Automatically set version to ease maintenance of this file
|
|
MAJOR_VER="${DPKG_MAINTSCRIPT_PACKAGE#mariadb-server-}"
|
|
|
|
if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
|
|
${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2 }
|
|
|
|
export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin
|
|
|
|
# This command can be used as pipe to syslog. With "-s" it also logs to stderr.
|
|
ERR_LOGGER="logger -p daemon.err -t mariadb-server-$MAJOR_VER.postinst -i"
|
|
# Specify syslog tag name so it is clear the entry came from this postinst script.
|
|
# This will make an error in a logged command immediately apparent by aborting
|
|
# the install, rather than failing silently and leaving a broken install.
|
|
set -o pipefail
|
|
|
|
case "$1" in
|
|
configure)
|
|
# This is needed because mysql_install_db removes the pid file in /run
|
|
# and because changed configuration options should take effect immediately.
|
|
# In case the server wasn't running at all it should be ok if the stop
|
|
# script fails. I can't tell at this point because of the cleaned /run.
|
|
set +e; invoke-rc.d mariadb stop; set -e
|
|
|
|
# An existing /etc/init.d/mysql might be on the system if there was a
|
|
# previous MySQL or MariaDB installation, since /etc/init.d files are
|
|
# considered config files and stay around even after the package is removed.
|
|
#
|
|
# The install step of this package adds a new /etc/init.d/mariadb file. As
|
|
# we also want to ensure that there are no old (and potentially outdated)
|
|
# versions of /etc/init.d/mysql we simply replace it using a copy of the
|
|
# latest 'mariadb' file. This has also the added benefit that anything that
|
|
# invokes traditional sysv init with either 'mysql' or 'mariadb' will end up
|
|
# controlling this newly installed MariaDB, and thus we maintain better
|
|
# backwards compatiblity.
|
|
#
|
|
# Note that the 'Provides' line is also updated to avoid 'insserv' exiting
|
|
# on failure (when it is run by update-rc.d) because of duplicate service
|
|
# names.
|
|
if [ -f "/etc/init.d/mysql" ] && [ -f "/etc/init.d/mariadb" ]
|
|
then
|
|
# Copy init file and rename the service name and filename on the fly
|
|
sed 's/Provides: mariadb/Provides: mysql/g' /etc/init.d/mariadb > /etc/init.d/mysql
|
|
# NOTE: Number of spaces/tabs is important here!
|
|
# Confirm if the sed worked
|
|
if ! grep --quiet "Provides: mysql" /etc/init.d/mysql
|
|
then
|
|
# If not, then delete the file to avoid failures later on
|
|
rm -f /etc/init.d/mysql
|
|
echo "Warning! Failed creating a mysql named copy of mariadb init.d file"
|
|
fi
|
|
fi
|
|
|
|
mysql_statedir=/usr/share/mysql
|
|
mysql_datadir=/var/lib/mysql
|
|
mysql_logdir=/var/log/mysql
|
|
mysql_cfgdir=/etc/mysql
|
|
mysql_upgradedir=/var/lib/mysql-upgrade
|
|
|
|
# If the following symlink exists, it is a preserved copy the old data dir
|
|
# created by the preinst script during a upgrade that would have otherwise
|
|
# been replaced by an empty mysql dir. This should restore it.
|
|
for dir in DATADIR LOGDIR; do
|
|
|
|
if [ "$dir" = "DATADIR" ]; then
|
|
targetdir=$mysql_datadir
|
|
else
|
|
targetdir=$mysql_logdir
|
|
fi
|
|
|
|
savelink="$mysql_upgradedir/$dir.link"
|
|
if [ -L "$savelink" ]; then
|
|
# If the targetdir was a symlink before we upgraded it is supposed
|
|
# to be either still be present or not existing anymore now.
|
|
if [ -L "$targetdir" ]; then
|
|
rm "$savelink"
|
|
elif [ ! -d "$targetdir" ]; then
|
|
mv "$savelink" "$targetdir"
|
|
else
|
|
# this should never even happen, but just in case...
|
|
mysql_tmp=$(mktemp -d -t mysql-symlink-restore-XXXXXX)
|
|
echo "this is very strange! see $mysql_tmp/README..." >&2
|
|
mv "$targetdir" "$mysql_tmp"
|
|
cat << EOF > "$mysql_tmp/README"
|
|
|
|
If you're reading this, it's most likely because you had replaced /var/lib/mysql
|
|
with a symlink, then upgraded to a new version of mysql, and then dpkg
|
|
removed your symlink (see #182747 and others). The mysql packages noticed
|
|
that this happened, and as a workaround have restored it. However, because
|
|
/var/lib/mysql seems to have been re-created in the meantime, and because
|
|
we don't want to rm -rf something we don't know as much about, we are going
|
|
to leave this unexpected directory here. If your database looks normal,
|
|
and this is not a symlink to your database, you should be able to blow
|
|
this all away.
|
|
|
|
EOF
|
|
fi
|
|
fi
|
|
rmdir $mysql_upgradedir 2>/dev/null || true
|
|
|
|
done
|
|
|
|
# Ensure the existence and right permissions for the database and
|
|
# log files. Use mkdir option 'Z' to create with correct SELinux context.
|
|
if [ ! -d "$mysql_statedir" ] && [ ! -L "$mysql_statedir" ]; then mkdir -Z "$mysql_statedir"; fi
|
|
if [ ! -d "$mysql_datadir" ] && [ ! -L "$mysql_datadir" ]; then mkdir -Z "$mysql_datadir" ; fi
|
|
if [ ! -d "$mysql_logdir" ] && [ ! -L "$mysql_logdir" ]; then mkdir -Z "$mysql_logdir" ; fi
|
|
# When creating an ext3 jounal on an already mounted filesystem like e.g.
|
|
# /var/lib/mysql, you get a .journal file that is not modifyable by chown.
|
|
# The mysql_statedir must not be writable by the mysql user under any
|
|
# circumstances as it contains scripts that are executed by root.
|
|
set +e
|
|
chown -R 0:0 $mysql_statedir
|
|
find $mysql_datadir ! -uid "$(id -u mysql)" -print0 | xargs -0 -r chown mysql
|
|
chown -R mysql:adm $mysql_logdir
|
|
chmod 2750 $mysql_logdir
|
|
set -e
|
|
|
|
## Set the correct filesystem ownership for the PAM v2 plugin
|
|
# eg. /usr/lib/x86_64-linux-gnu/mysql/plugin/auth_pam_tool_dir/
|
|
# NOTE! This is security sensitive, don't allow for a race condition.
|
|
#
|
|
# 1. Drop privileges of directory
|
|
# -> At this point only root can see and execute auth_pam_tool
|
|
chmod 0700 /usr/lib/mysql/plugin/auth_pam_tool_dir
|
|
#
|
|
# 2. Make binary setuid
|
|
# -> At this point only root can run the setuid binary so no escalation here yet
|
|
chmod 04755 /usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_tool
|
|
#
|
|
# 3. Allow user 'mysql' to see and execute auth_pam_tool
|
|
# -> Now user mysql owns the directory and can see and execute the binary inside
|
|
# -> Since the binary is setuid, user mysql gets limited root powers here to
|
|
# run the PAM authetications, which need root (e.g. to validate passwords
|
|
# against /etc/shadow)
|
|
chown mysql /usr/lib/mysql/plugin/auth_pam_tool_dir
|
|
|
|
# This is important to avoid dataloss when there is a removed
|
|
# mysql-server version from Woody lying around which used the same
|
|
# data directory and then somewhen gets purged by the admin.
|
|
db_set mariadb-server/postrm_remove_database false || true
|
|
|
|
# Clean up old flags before setting new one
|
|
rm -f $mysql_datadir/debian-*.flag
|
|
# Flag data dir to avoid downgrades
|
|
touch "$mysql_datadir/debian-$MAJOR_VER.flag"
|
|
|
|
# initiate databases. Output is not allowed by debconf :-(
|
|
# This will fail if we are upgrading an existing database; in this case
|
|
# mysql_upgrade, called from the /etc/init.d/mariadb start script, will
|
|
# handle things.
|
|
# Debian: beware of the bashisms...
|
|
# Debian: can safely run on upgrades with existing databases
|
|
set +e
|
|
bash /usr/bin/mysql_install_db --rpm --cross-bootstrap --user=mysql \
|
|
--disable-log-bin --skip-test-db 2>&1 | \
|
|
$ERR_LOGGER
|
|
set -e
|
|
|
|
# To avoid downgrades.
|
|
touch "$mysql_statedir/debian-$MAJOR_VER.flag"
|
|
|
|
# On new installations root user can connect via unix_socket.
|
|
# But on upgrades, scripts rely on debian-sys-maint user and
|
|
# credentials in /etc/mysql/debian.cnf
|
|
# All tools use --defaults-file=/etc/mysql/debian.cnf
|
|
# And while it's not needed for new installations, we keep using
|
|
# --defaults-file option for tools (for the sake of upgrades)
|
|
# and thus need /etc/mysql/debian.cnf to exist, even if it's empty.
|
|
dc=$mysql_cfgdir/debian.cnf;
|
|
if [ ! -d "$mysql_cfgdir" ]; then
|
|
install -o 0 -g 0 -m 0755 -d $mysql_cfgdir
|
|
fi
|
|
if [ ! -e "$dc" ]; then
|
|
cat /dev/null > $dc
|
|
echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
|
|
fi
|
|
# Keep it only root-readable, as it always was
|
|
chown 0:0 $dc
|
|
chmod 0600 $dc
|
|
|
|
# If there is a real AppArmor profile, we reload it.
|
|
# If the default empty profile is installed, then we remove any old
|
|
# profile that may be loaded.
|
|
# This allows upgrade from old versions (that have an apparmor profile
|
|
# on by default) to work both to disable a default profile, and to keep
|
|
# any profile installed and maintained by users themselves.
|
|
profile="/etc/apparmor.d/usr.sbin.mariadbd"
|
|
if [ -f "$profile" ] && aa-status --enabled 2>/dev/null; then
|
|
if grep -q /usr/sbin/mariadbd "$profile" 2>/dev/null ; then
|
|
apparmor_parser -r "$profile" || true
|
|
else
|
|
echo "/usr/sbin/mariadbd { }" | apparmor_parser --remove 2>/dev/null || true
|
|
fi
|
|
fi
|
|
|
|
# @TODO: Remove once buildbot.askmonty.org has been updated not to expect this file
|
|
mkdir -p /etc/systemd/system/mariadb.service.d/
|
|
# Note that file cannot be empty, otherwise systemd version in Ubuntu Bionic
|
|
# will think the service is masked
|
|
echo "# empty placeholder" > /etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
|
|
|
|
;;
|
|
|
|
abort-upgrade|abort-remove|abort-configure)
|
|
;;
|
|
|
|
triggered)
|
|
if [ -x "$(command -v systemctl)" ]; then
|
|
systemctl daemon-reload
|
|
else
|
|
invoke-rc.d mariadb restart
|
|
fi
|
|
;;
|
|
|
|
*)
|
|
echo "postinst called with unknown argument '$1'" 1>&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
db_stop # in case invoke failes
|
|
|
|
# dh_systemd_start doesn't emit anything since we still ship /etc/init.d/mariadb.
|
|
# Thus MariaDB server is started via init.d script, which in turn redirects to
|
|
# systemctl. If we upgrade from MySQL mysql.service may be masked, which also
|
|
# means init.d script is disabled. Unmask mysql service explicitly.
|
|
# Check first that the command exists, to avoid emitting any warning messages.
|
|
if [ -x "$(command -v deb-systemd-helper)" ]; then
|
|
deb-systemd-helper unmask mysql.service > /dev/null
|
|
fi
|
|
|
|
#DEBHELPER#
|
|
|
|
# Modified dh_systemd_start snippet that's not added automatically
|
|
if [ -d /run/systemd/system ]; then
|
|
systemctl --system daemon-reload >/dev/null || true
|
|
deb-systemd-invoke start mariadb.service >/dev/null || true
|
|
# Modified dh_installinit snippet to only run with sysvinit
|
|
elif [ -x "/etc/init.d/mariadb" ]; then
|
|
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ]; then
|
|
invoke-rc.d mariadb start || exit $?
|
|
fi
|
|
fi
|