mirror of
https://github.com/MariaDB/server.git
synced 2025-01-16 12:02:42 +01:00
82e64fde07
Use the slightly better Ubuntu version in both Ubuntu and Debian and latest versions of Debian don't have problems with AppArmor files included in packaging.
285 lines
12 KiB
Bash
285 lines
12 KiB
Bash
#!/bin/bash -e
|
|
|
|
. /usr/share/debconf/confmodule
|
|
|
|
if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
|
|
${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2 }
|
|
|
|
export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin
|
|
|
|
# This command can be used as pipe to syslog. With "-s" it also logs to stderr.
|
|
ERR_LOGGER="logger -p daemon.err -t mysqld_safe -i"
|
|
# This will make an error in a logged command immediately apparent by aborting
|
|
# the install, rather than failing silently and leaving a broken install.
|
|
set -o pipefail
|
|
|
|
invoke() {
|
|
if [ -x /usr/sbin/invoke-rc.d ]; then
|
|
invoke-rc.d mysql $1
|
|
else
|
|
/etc/init.d/mysql $1
|
|
fi
|
|
}
|
|
|
|
MYSQL_BOOTSTRAP="/usr/sbin/mysqld --bootstrap --user=mysql --disable-log-bin --skip-grant-tables --default-storage-engine=myisam"
|
|
|
|
test_mysql_access() {
|
|
mysql --no-defaults -u root -h localhost </dev/null >/dev/null 2>&1
|
|
}
|
|
|
|
# call with $1 = "online" to connect to the server, otherwise it bootstraps
|
|
set_mysql_rootpw() {
|
|
# forget we ever saw the password. don't use reset to keep the seen status
|
|
db_set mysql-server/root_password ""
|
|
db_set mysql-server/root_password_again ""
|
|
|
|
tfile=`mktemp`
|
|
if [ ! -f "$tfile" ]; then
|
|
return 1
|
|
fi
|
|
|
|
# this avoids us having to call "test" or "[" on $rootpw
|
|
cat << EOF > $tfile
|
|
USE mysql;
|
|
SET sql_log_bin=0;
|
|
UPDATE user SET password=PASSWORD("$rootpw") WHERE user='root';
|
|
FLUSH PRIVILEGES;
|
|
EOF
|
|
if grep -q 'PASSWORD("")' $tfile; then
|
|
retval=0
|
|
elif [ "$1" = "online" ]; then
|
|
mysql --no-defaults -u root -h localhost <$tfile >/dev/null
|
|
retval=$?
|
|
else
|
|
$MYSQL_BOOTSTRAP <$tfile
|
|
retval=$?
|
|
fi
|
|
rm -f $tfile
|
|
return $retval
|
|
}
|
|
|
|
# This is necessary because mysql_install_db removes the pid file in /var/run
|
|
# and because changed configuration options should take effect immediately.
|
|
# In case the server wasn't running at all it should be ok if the stop
|
|
# script fails. I can't tell at this point because of the cleaned /var/run.
|
|
set +e; invoke stop; set -e
|
|
|
|
case "$1" in
|
|
configure)
|
|
mysql_datadir=/usr/share/mysql
|
|
mysql_statedir=/var/lib/mysql
|
|
mysql_rundir=/var/run/mysqld
|
|
mysql_logdir=/var/log
|
|
mysql_cfgdir=/etc/mysql
|
|
mysql_newlogdir=/var/log/mysql
|
|
mysql_upgradedir=/var/lib/mysql-upgrade
|
|
|
|
# first things first, if the following symlink exists, it is a preserved
|
|
# copy the old data dir from a mysql upgrade that would have otherwise
|
|
# been replaced by an empty mysql dir. this should restore it.
|
|
for dir in DATADIR LOGDIR; do
|
|
if [ "$dir" = "DATADIR" ]; then targetdir=$mysql_statedir; else targetdir=$mysql_newlogdir; fi
|
|
savelink="$mysql_upgradedir/$dir.link"
|
|
if [ -L "$savelink" ]; then
|
|
# If the targetdir was a symlink before we upgraded it is supposed
|
|
# to be either still be present or not existing anymore now.
|
|
if [ -L "$targetdir" ]; then
|
|
rm "$savelink"
|
|
elif [ ! -d "$targetdir" ]; then
|
|
mv "$savelink" "$targetdir"
|
|
else
|
|
# this should never even happen, but just in case...
|
|
mysql_tmp=`mktemp -d -t mysql-symlink-restore-XXXXXX`
|
|
echo "this is very strange! see $mysql_tmp/README..." >&2
|
|
mv "$targetdir" "$mysql_tmp"
|
|
cat << EOF > "$mysql_tmp/README"
|
|
|
|
if you're reading this, it's most likely because you had replaced /var/lib/mysql
|
|
with a symlink, then upgraded to a new version of mysql, and then dpkg
|
|
removed your symlink (see #182747 and others). the mysql packages noticed
|
|
that this happened, and as a workaround have restored it. however, because
|
|
/var/lib/mysql seems to have been re-created in the meantime, and because
|
|
we don't want to rm -rf something we don't know as much about, we're going
|
|
to leave this unexpected directory here. if your database looks normal,
|
|
and this is not a symlink to your database, you should be able to blow
|
|
this all away.
|
|
|
|
EOF
|
|
fi
|
|
fi
|
|
rmdir $mysql_upgradedir 2>/dev/null || true
|
|
done
|
|
|
|
# Ensure the existence and right permissions for the database and
|
|
# log files.
|
|
if [ ! -d "$mysql_statedir" -a ! -L "$mysql_statedir" ]; then mkdir "$mysql_statedir"; fi
|
|
if [ ! -d "$mysql_statedir/mysql" -a ! -L "$mysql_statedir/mysql" ]; then mkdir "$mysql_statedir/mysql"; fi
|
|
if [ ! -d "$mysql_newlogdir" -a ! -L "$mysql_newlogdir" ]; then mkdir "$mysql_newlogdir"; fi
|
|
# When creating an ext3 jounal on an already mounted filesystem like e.g.
|
|
# /var/lib/mysql, you get a .journal file that is not modifyable by chown.
|
|
# The mysql_datadir must not be writable by the mysql user under any
|
|
# circumstances as it contains scripts that are executed by root.
|
|
set +e
|
|
chown -R 0:0 $mysql_datadir
|
|
chown -R mysql $mysql_statedir
|
|
chown -R mysql $mysql_rundir
|
|
chown -R mysql:adm $mysql_newlogdir; chmod 2750 $mysql_newlogdir;
|
|
for i in log err; do
|
|
touch $mysql_logdir/mysql.$i
|
|
chown mysql:adm $mysql_logdir/mysql.$i
|
|
chmod 0640 $mysql_logdir/mysql.$i
|
|
done
|
|
set -e
|
|
|
|
# This is important to avoid dataloss when there is a removed
|
|
# mysql-server version from Woody lying around which used the same
|
|
# data directory and then somewhen gets purged by the admin.
|
|
db_set mysql-server/postrm_remove_database false || true
|
|
|
|
# To avoid downgrades.
|
|
touch $mysql_statedir/debian-10.1.flag
|
|
|
|
# initiate databases. Output is not allowed by debconf :-(
|
|
# This will fail if we are upgrading an existing database; in this case
|
|
# mysql_upgrade, called from the /etc/init.d/mysql start script, will
|
|
# handle things.
|
|
# Debian: beware of the bashisms...
|
|
# Debian: can safely run on upgrades with existing databases
|
|
set +e
|
|
/bin/bash /usr/bin/mysql_install_db --rpm --user=mysql --disable-log-bin 2>&1 | $ERR_LOGGER
|
|
set -e
|
|
|
|
## On every reconfiguration the maintenance user is recreated.
|
|
#
|
|
# - It is easier to regenerate the password every time but as people
|
|
# use fancy rsync scripts and file alteration monitors, the existing
|
|
# password is used and existing files not touched.
|
|
# - The mysqld statement is like that in mysql_install_db because the
|
|
# server is not already running. This has some implications:
|
|
# - The amount of newlines and semicolons in the query is important!
|
|
# - GRANT is not possible with --skip-grant-tables and "INSERT
|
|
# (user,host..) VALUES" is not --ansi compliant
|
|
# - The echo is just for readability. ash's buildin has no "-e" so use /bin/echo.
|
|
# - The Super_priv, Show_db_priv, Create_tmp_table_priv and Lock_tables_priv
|
|
# may not be present as old Woody 3.23 databases did not have it and the
|
|
# admin might not already have run mysql_upgrade which adds them.
|
|
# As the binlog cron scripts to need at least the Super_priv, I do first
|
|
# the old query which always succeeds and then the new which may or may not.
|
|
|
|
# recreate the credentials file if not present or without mysql_upgrade stanza
|
|
dc=$mysql_cfgdir/debian.cnf;
|
|
if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then
|
|
pass="`sed -n 's/^[ ]*password *= *// p' $dc | head -n 1`"
|
|
else
|
|
pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
|
|
if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
|
|
cat /dev/null > $dc
|
|
echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
|
|
echo "[client]" >>$dc
|
|
echo "host = localhost" >>$dc
|
|
echo "user = debian-sys-maint" >>$dc
|
|
echo "password = $pass" >>$dc
|
|
echo "socket = $mysql_rundir/mysqld.sock" >>$dc
|
|
echo "[mysql_upgrade]" >>$dc
|
|
echo "host = localhost" >>$dc
|
|
echo "user = debian-sys-maint" >>$dc
|
|
echo "password = $pass" >>$dc
|
|
echo "socket = $mysql_rundir/mysqld.sock" >>$dc
|
|
echo "basedir = /usr" >>$dc
|
|
fi
|
|
# If this dir chmod go+w then the admin did it. But this file should not.
|
|
chown 0:0 $dc
|
|
chmod 0600 $dc
|
|
|
|
# update privilege tables
|
|
password_column_fix_query=`/bin/echo -e \
|
|
"USE mysql;\n" \
|
|
"ALTER TABLE user CHANGE Password Password char(41) character set latin1 collate latin1_bin DEFAULT '' NOT NULL;"`
|
|
replace_query=`/bin/echo -e \
|
|
"USE mysql;\n" \
|
|
"SET sql_mode='';\n" \
|
|
"REPLACE INTO user SET " \
|
|
" host='localhost', user='debian-sys-maint', password=password('$pass'), " \
|
|
" Select_priv='Y', Insert_priv='Y', Update_priv='Y', Delete_priv='Y', " \
|
|
" Create_priv='Y', Drop_priv='Y', Reload_priv='Y', Shutdown_priv='Y', " \
|
|
" Process_priv='Y', File_priv='Y', Grant_priv='Y', References_priv='Y', " \
|
|
" Index_priv='Y', Alter_priv='Y', Super_priv='Y', Show_db_priv='Y', "\
|
|
" Create_tmp_table_priv='Y', Lock_tables_priv='Y', Execute_priv='Y', "\
|
|
" Repl_slave_priv='Y', Repl_client_priv='Y', Create_view_priv='Y', "\
|
|
" Show_view_priv='Y', Create_routine_priv='Y', Alter_routine_priv='Y', "\
|
|
" Create_user_priv='Y', Event_priv='Y', Trigger_priv='Y',"\
|
|
" ssl_cipher='', x509_issuer='', x509_subject='';"`;
|
|
# Engines supported by etch should be installed per default. The query sequence is supposed
|
|
# to be aborted if the CREATE TABLE fails due to an already existent table in which case the
|
|
# admin might already have chosen to remove one or more plugins. Newlines are necessary.
|
|
install_plugins=`/bin/echo -e \
|
|
"USE mysql;\n" \
|
|
"CREATE TABLE IF NOT EXISTS plugin (name char(64) COLLATE utf8_bin NOT NULL DEFAULT '', " \
|
|
" dl char(128) COLLATE utf8_bin NOT NULL DEFAULT '', " \
|
|
" PRIMARY KEY (name)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='MySQL plugins';" `
|
|
|
|
# Upgrade password column format before the root password gets set.
|
|
echo "$password_column_fix_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
|
|
|
|
db_get mysql-server/root_password && rootpw="$RET"
|
|
if ! set_mysql_rootpw; then
|
|
password_error="yes"
|
|
fi
|
|
|
|
set +e
|
|
echo "$replace_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
|
|
echo "$install_plugins" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
|
|
set -e
|
|
|
|
# If there is a real AppArmor profile, we reload it.
|
|
# If the default empty profile is installed, then we remove any old
|
|
# profile that may be loaded.
|
|
# This allows upgrade from old versions (that have an apparmor profile
|
|
# on by default) to work both to disable a default profile, and to keep
|
|
# any profile installed and maintained by users themselves.
|
|
profile="/etc/apparmor.d/usr.sbin.mysqld"
|
|
if [ -f "$profile" ] && aa-status --enabled 2>/dev/null; then
|
|
if grep -q /usr/sbin/mysqld "$profile" 2>/dev/null ; then
|
|
apparmor_parser -r "$profile" || true
|
|
else
|
|
echo "/usr/sbin/mysqld { }" | apparmor_parser --remove 2>/dev/null || true
|
|
fi
|
|
fi
|
|
;;
|
|
|
|
abort-upgrade|abort-remove|abort-configure)
|
|
;;
|
|
|
|
*)
|
|
echo "postinst called with unknown argument '$1'" 1>&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# here we check to see if we can connect as root without a password
|
|
# this should catch upgrades from previous versions where the root
|
|
# password wasn't set. if there is a password, or if the connection
|
|
# fails for any other reason, nothing happens.
|
|
if [ "$1" = "configure" ]; then
|
|
if test_mysql_access; then
|
|
db_input medium mysql-server/root_password || true
|
|
db_go
|
|
db_get mysql-server/root_password && rootpw="$RET"
|
|
|
|
if ! set_mysql_rootpw "online"; then
|
|
password_error="yes"
|
|
fi
|
|
fi
|
|
|
|
if [ "$password_error" = "yes" ]; then
|
|
db_input high mysql-server/error_setting_password || true
|
|
db_go
|
|
fi
|
|
|
|
fi
|
|
|
|
db_stop # in case invoke failes
|
|
|
|
#DEBHELPER#
|
|
|
|
exit 0
|