
maria-developers team mailing list archive

Re: passwordless mariadb root login with auht_socket in Debian

 

Sorry, I posted the wrong diff file; here is the right one.

PS: I haven't tried the postinst script.

Le 03/03/2015 02:29, Jean Weisbuch a écrit :
[...]

--- mariadb-server-10.0.postinst    2015-03-03 01:04:34.054732754 +0100
+++ mariadb-server-10.0.postinst    2015-03-03 02:17:46.753503859 +0100


--- mariadb-server-10.0.postinst    2015-03-03 01:04:34.054732754 +0100
+++ mariadb-server-10.0.postinst    2015-03-03 02:31:01.075282368 +0100
@@ -29,19 +29,25 @@
        mysql --no-defaults -u root -h localhost </dev/null >/dev/null 2>&1
 }

-# call with $1 = "online" to connect to the server, otherwise it bootstraps
+# This function resets the root@localhost user password and enable the
+# usage of the unix_socket plugin for it.
+# Call with $1 = "online" to connect to the server, otherwise it bootstraps
 set_mysql_rootpw() {
-
-       tfile=`mktemp`
+       tfile="$(mktemp)"
        if [ ! -f "$tfile" ]; then
                return 1
        fi

-       # this avoids us having to call "test" or "[" on $rootpw
+ # The reset_root statement is used to verify that the unix_socket plugin
+ # is active before resetting the root@localhost password ; if the plugin
+ # is not active, it will fail with "ERROR 1065 (42000): Query was empty"
+
+       # This avoids us having to call "test" or "[" on $rootpw
        cat << EOF > $tfile
-USE mysql;
 SET sql_log_bin=0;
-UPDATE user SET password="", plugin="unix_socket" WHERE user='root';
+SET @reset_root=IF( (SELECT 1 FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='unix_socket' AND PLUGIN_STATUS='ACTIVE' AND PLUGIN_TYPE='AUTHENTICATION' AND PLUGIN_LIBRARY LIKE CONCAT('auth_socket','%') )=1, "UPDATE mysql.user SET Password='', Plugin='unix_socket' WHERE User='root' AND Host='localhost'", '');
+PREPARE reset_root FROM @reset_root;
+EXECUTE reset_root;
 FLUSH PRIVILEGES;
 EOF
        if [ "$1" = "online" ]; then
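Review bot: The rewritten UPDATE in the heredoc now matches only `User='root' AND Host='localhost'`, whereas the removed statement switched every `user='root'` row to `unix_socket`. If the bootstrap tables also carry root rows for other hosts (loopback addresses, the machine's hostname), those rows keep whatever password they had, possibly an empty one, and stay usable over TCP. Either keep the broader `WHERE User='root'` or document the narrowing next to the statement, e.g. `# other root@<host> rows are left untouched here and must already carry a password`. The body of set_mysql_rootpw continues outside the hunk.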
@@ -51,7 +57,7 @@
                $MYSQL_BOOTSTRAP <$tfile
                retval=$?
        fi
-       rm -f $tfile
+       rm -f "$tfile"
        return $retval
 }

@@ -122,81 +128,83 @@
# As the binlog cron scripts to need at least the Super_priv, I do first # the old query which always succeeds and then the new which may or may not.

-    # recreate the credentials file if not present or with debian-sys-maint
+ # Recreates the credentials file if not present or with debian-sys-maint
     # still there
-    dc=$mysql_cfgdir/debian.cnf;
- if [ ! -e "$dc" -o -n "`fgrep debian-sys-maint $dc 2>/dev/null`" ]; then
- if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
+    dc=$mysql_cfgdir/debian.cnf
+    fgrep -q debian-sys-maint $dc
+    if [ ! -e "$dc" -o $? -ne 0 ]; then
+        # debian.cnf does not exists or contains the debian-sys-maint user
         if [ -e "$dc" ]; then
- oldconf=`mktemp --tmpdir=$mysql_cfgdir -t debian_old_config.XXXXXX`
-          cp $dc $oldconf
+            # A backup of the existing debian.cnf is done
+ # In case the migration to auth_socket would fail, it will be restored
+ oldconf="$(mktemp --tmpdir=$mysql_cfgdir -t debian_old_config.XXXXXX)"
+            cp "$dc" "$oldconf"
         else
-          oldconf=''
+            # There was no pre-existing debian.cnf file
+            oldconf=''
+            if [ ! -d "$mysql_cfgdir" ]; then
+              # The configuration directory does not exists
+              install -o 0 -g 0 -m 0755 -d $mysql_cfgdir
+            fi
         fi
+
+        # (re)creation of the debian.cnf file
         umask 066
-        cat /dev/null > $dc
+        > $dc
         umask 022
- echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
-        echo "[client]" >>$dc
- echo "host = localhost" >>$dc
- echo "user = root" >>$dc
- echo "password = " >>$dc
- echo "socket = $mysql_rundir/mysqld.sock" >>$dc
-        echo "[mysql_upgrade]" >>$dc
- echo "host = localhost" >>$dc
- echo "user = root" >>$dc
- echo "password = " >>$dc
- echo "socket = $mysql_rundir/mysqld.sock" >>$dc
- echo "basedir = /usr" >>$dc
+        echo "# Automatically generated for Debian scripts. DO NOT TOUCH!
+[client]
+host     = localhost
+user     = root
+password =
+socket   = $mysql_rundir/mysqld.sock
+[mysql_upgrade]
+host     = localhost
+user     = root
+password =
+socket   = $mysql_rundir/mysqld.sock
+basedir  = /usr" >>$dc
     fi
+
# If this dir chmod go+w then the admin did it. But this file should not.
     chown 0:0 $dc
     chmod 0600 $dc

-    # Update privilege tables
-    password_column_fix_query=`/bin/echo -e \
-        "USE mysql;\n" \
-        "SET sql_log_bin=0;\n" \
- "ALTER TABLE user CHANGE Password Password char(41) character set latin1 collate latin1_bin DEFAULT '' NOT NULL;"`
-
-    # Upgrade password column format before the root password gets set.
-    # NOTE: Lines like this apparently really need to be formatted this way
-    # for mysqld to process the correclty (;-delimiter, newlines etc)
-    echo "$password_column_fix_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
-
-    # Replace old maintenance user with auth_socket usage if migrating
-    replace_query=`/bin/echo -e \
-        "USE mysql;\n" \
-        "SET sql_mode='', sql_log_bin=0;\n" \
-        "DROP USER 'debian-sys-maint'@'localhost';"`
-    # WARNING: This line might yield "The MariaDB server is running with
-    # the --skip-grant-tables option so it cannot execute this statement"
+    # Upgrade Password column format before the root password gets set.
+    echo -e \
+        "SET sql_log_bin=0;
+ ALTER TABLE mysql.user CHANGE Password Password char(41) CHARACTER SET latin1 COLLATE latin1_bin DEFAULT '' NOT NULL;" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER

- # Some plugins should installed per default. The query sequence is supposed
- # to be aborted if the CREATE TABLE fails due to an already existent table in which case the
- # admin might already have chosen to remove one or more plugins. Newlines are necessary.
-    install_plugins=`/bin/echo -e \
-        "USE mysql;\n" \
-        "SET sql_log_bin=0;\n" \
- "CREATE TABLE IF NOT EXISTS plugin (name char(64) COLLATE utf8_bin NOT NULL DEFAULT '', " \
-        "  dl char(128) COLLATE utf8_bin NOT NULL DEFAULT '', " \
- " PRIMARY KEY (name)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='MySQL plugins';\n" \
-        "INSTALL PLUGIN unix_socket SONAME 'auth_socket';\n"`
-
-    # Install plugins and ignore if already there
+    # Install plugin(s) and ignore if already there
     set +e
-    echo "$install_plugins" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
+ # Some plugins should be installed by default. The query sequence is supposed to be
+ # aborted if the CREATE TABLE fails due to an already existent table in which case the
+ # admin might already have chosen to remove one or more plugins. Newlines are necessary.
+    echo -e \
+        "SET sql_log_bin=0;
+ CREATE TABLE IF NOT EXISTS mysql.plugin (name CHAR(64) COLLATE utf8_bin NOT NULL DEFAULT '',
+           dl CHAR(128) COLLATE utf8_bin NOT NULL DEFAULT '',
+ PRIMARY KEY (name)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='MySQL plugins';
+ INSERT INTO mysql.plugin (name, dl) VALUES ('unix_socket', 'auth_socket');" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
     set -e

      if ! set_mysql_rootpw; then
+ # The reset of the root@localhost user password and the activation of
+         # the auth_socket plugin for it has failed
          password_error="yes"
-         # restore old config file if exists
-         [ -e $oldconf ] && mv $oldconf $dc
+         # The debian.cnf file is restored if pre-existing
+         [ -e "$oldconf" ] && mv "$oldconf" "$dc"
      else
-         [ -e $oldconf ] && rm -f $oldconf
-         # purge debian-sys-maint user
+         [ -e "$oldconf" ] && rm -f "$oldconf"
+ # Purge of the debian-sys-maint@localhost user that is replaced with
+         # auth_socket on root@localhost
+
+ # WARNING: This line might yield "The MariaDB server is running with
+ # the --skip-grant-tables option so it cannot execute this statement"
          set +e
-         echo "$replace_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
+         echo -e \
+             "SET sql_mode='', sql_log_bin=0;
+ DROP USER 'debian-sys-maint'@'localhost';" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
          set -e
     fi
   ;;
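Review bot: The new test built on `fgrep -q debian-sys-maint $dc` inverts the removed condition: `$? -ne 0` is true when debian-sys-maint is NOT found, so a debian.cnf that still names the old maintenance user is left in place while the later `DROP USER 'debian-sys-maint'@'localhost'` can still run, and an already migrated file is rewritten on every run. The bare `fgrep` also exits non-zero when the file is missing or has no match, which would abort the script if `set -e` is in effect at that point (the later `set +e`/`set -e` pairs suggest it is). Folding the check back into the condition avoids both: `if [ ! -e "$dc" ] || fgrep -q debian-sys-maint "$dc" 2>/dev/null; then`. The enclosing case branch starts outside the hunk.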
@@ -210,7 +218,7 @@
   ;;
 esac

-# here we check to see if we can connect as root without a password
+# Here we check to see if we can connect as root without a password
 # this should catch upgrades from previous versions where the root
 # password wasn't set.  if there is a password, or if the connection
 # fails for any other reason, nothing happens.


