Permalink
Cannot retrieve contributors at this time
Fetching contributors…
Cannot retrieve contributors at this time
| #!/bin/bash -e | |
| . /usr/share/debconf/confmodule | |
| if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi | |
| ${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2 } | |
| export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin | |
| # This command can be used as pipe to syslog. With "-s" it also logs to stderr. | |
| ERR_LOGGER="logger -p daemon.err -t mysqld_safe -i" | |
| # This will make an error in a logged command immediately apparent by aborting | |
| # the install, rather than failing silently and leaving a broken install. | |
| set -o pipefail | |
| invoke() { | |
| if [ -x /usr/sbin/invoke-rc.d ]; then | |
| invoke-rc.d mysql $1 | |
| else | |
| /etc/init.d/mysql $1 | |
| fi | |
| } | |
| MYSQL_BOOTSTRAP="/usr/sbin/mysqld --bootstrap --user=mysql --disable-log-bin --skip-grant-tables --default-storage-engine=myisam" | |
| test_mysql_access() { | |
| mysql --no-defaults -u root -h localhost </dev/null >/dev/null 2>&1 | |
| } | |
| # call with $1 = "online" to connect to the server, otherwise it bootstraps | |
| set_mysql_rootpw() { | |
| # forget we ever saw the password. don't use reset to keep the seen status | |
| db_set mysql-server/root_password "" | |
| tfile=`mktemp` | |
| if [ ! -f "$tfile" ]; then | |
| return 1 | |
| fi | |
| # this avoids us having to call "test" or "[" on $rootpw | |
| cat << EOF > $tfile | |
| USE mysql; | |
| SET sql_log_bin=0; | |
| UPDATE user SET password=PASSWORD("$rootpw") WHERE user='root'; | |
| FLUSH PRIVILEGES; | |
| EOF | |
| if grep -q 'PASSWORD("")' $tfile; then | |
| retval=0 | |
| elif [ "$1" = "online" ]; then | |
| mysql --no-defaults -u root -h localhost <$tfile >/dev/null | |
| retval=$? | |
| else | |
| $MYSQL_BOOTSTRAP <$tfile | |
| retval=$? | |
| fi | |
| rm -f $tfile | |
| return $retval | |
| } | |
| # This is necessary because mysql_install_db removes the pid file in /var/run | |
| # and because changed configuration options should take effect immediately. | |
| # In case the server wasn't running at all it should be ok if the stop | |
| # script fails. I can't tell at this point because of the cleaned /var/run. | |
| set +e; invoke stop; set -e | |
| case "$1" in | |
| configure) | |
| mysql_datadir=/usr/share/mysql | |
| mysql_statedir=/var/lib/mysql | |
| mysql_rundir=/var/run/mysqld | |
| mysql_logdir=/var/log | |
| mysql_cfgdir=/etc/mysql | |
| mysql_newlogdir=/var/log/mysql | |
| mysql_upgradedir=/var/lib/mysql-upgrade | |
| # first things first, if the following symlink exists, it is a preserved | |
| # copy the old data dir from a mysql upgrade that would have otherwise | |
| # been replaced by an empty mysql dir. this should restore it. | |
| for dir in DATADIR LOGDIR; do | |
| if [ "$dir" = "DATADIR" ]; then targetdir=$mysql_statedir; else targetdir=$mysql_newlogdir; fi | |
| savelink="$mysql_upgradedir/$dir.link" | |
| if [ -L "$savelink" ]; then | |
| # If the targetdir was a symlink before we upgraded it is supposed | |
| # to be either still be present or not existing anymore now. | |
| if [ -L "$targetdir" ]; then | |
| rm "$savelink" | |
| elif [ ! -d "$targetdir" ]; then | |
| mv "$savelink" "$targetdir" | |
| else | |
| # this should never even happen, but just in case... | |
| mysql_tmp=`mktemp -d -t mysql-symlink-restore-XXXXXX` | |
| echo "this is very strange! see $mysql_tmp/README..." >&2 | |
| mv "$targetdir" "$mysql_tmp" | |
| cat << EOF > "$mysql_tmp/README" | |
| if you're reading this, it's most likely because you had replaced /var/lib/mysql | |
| with a symlink, then upgraded to a new version of mysql, and then dpkg | |
| removed your symlink (see #182747 and others). the mysql packages noticed | |
| that this happened, and as a workaround have restored it. however, because | |
| /var/lib/mysql seems to have been re-created in the meantime, and because | |
| we don't want to rm -rf something we don't know as much about, we're going | |
| to leave this unexpected directory here. if your database looks normal, | |
| and this is not a symlink to your database, you should be able to blow | |
| this all away. | |
| EOF | |
| fi | |
| fi | |
| rmdir $mysql_upgradedir 2>/dev/null || true | |
| done | |
| # Ensure the existence and right permissions for the database and | |
| # log files. | |
| if [ ! -d "$mysql_statedir" -a ! -L "$mysql_statedir" ]; then mkdir "$mysql_statedir"; fi | |
| if [ ! -d "$mysql_statedir/mysql" -a ! -L "$mysql_statedir/mysql" ]; then mkdir "$mysql_statedir/mysql"; fi | |
| if [ ! -d "$mysql_newlogdir" -a ! -L "$mysql_newlogdir" ]; then mkdir "$mysql_newlogdir"; fi | |
| # When creating an ext3 jounal on an already mounted filesystem like e.g. | |
| # /var/lib/mysql, you get a .journal file that is not modifyable by chown. | |
| # The mysql_datadir must not be writable by the mysql user under any | |
| # circumstances as it contains scripts that are executed by root. | |
| set +e | |
| chown -R 0:0 $mysql_datadir | |
| chown -R mysql $mysql_statedir | |
| chown -R mysql $mysql_rundir | |
| chown -R mysql:adm $mysql_newlogdir; chmod 2750 $mysql_newlogdir; | |
| for i in log err; do | |
| touch $mysql_logdir/mysql.$i | |
| chown mysql:adm $mysql_logdir/mysql.$i | |
| chmod 0640 $mysql_logdir/mysql.$i | |
| done | |
| set -e | |
| # This is important to avoid dataloss when there is a removed | |
| # mysql-server version from Woody lying around which used the same | |
| # data directory and then somewhen gets purged by the admin. | |
| db_set mysql-server/postrm_remove_database false || true | |
| # To avoid downgrades. | |
| touch $mysql_statedir/debian-10.0.flag | |
| # initiate databases. Output is not allowed by debconf :-( | |
| # This will fail if we are upgrading an existing database; in this case | |
| # mysql_upgrade, called from the /etc/init.d/mysql start script, will | |
| # handle things. | |
| # Debian: beware of the bashisms... | |
| # Debian: can safely run on upgrades with existing databases | |
| set +e | |
| /bin/bash /usr/bin/mysql_install_db --rpm --user=mysql --disable-log-bin 2>&1 | $ERR_LOGGER | |
| set -e | |
| ## On every reconfiguration the maintenance user is recreated. | |
| # | |
| # - It is easier to regenerate the password every time but as people | |
| # use fancy rsync scripts and file alteration monitors, the existing | |
| # password is used and existing files not touched. | |
| # - The mysqld statement is like that in mysql_install_db because the | |
| # server is not already running. This has some implications: | |
| # - The amount of newlines and semicolons in the query is important! | |
| # - GRANT is not possible with --skip-grant-tables and "INSERT | |
| # (user,host..) VALUES" is not --ansi compliant | |
| # - The echo is just for readability. ash's buildin has no "-e" so use /bin/echo. | |
| # - The Super_priv, Show_db_priv, Create_tmp_table_priv and Lock_tables_priv | |
| # may not be present as old Woody 3.23 databases did not have it and the | |
| # admin might not already have run mysql_upgrade which adds them. | |
| # As the binlog cron scripts to need at least the Super_priv, I do first | |
| # the old query which always succeeds and then the new which may or may not. | |
| # recreate the credentials file if not present or without mysql_upgrade stanza | |
| dc=$mysql_cfgdir/debian.cnf; | |
| if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then | |
| pass="`sed -n 's/^[ ]*password *= *// p' $dc | head -n 1`" | |
| else | |
| pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`; | |
| if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi | |
| cat /dev/null > $dc | |
| echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc | |
| echo "[client]" >>$dc | |
| echo "host = localhost" >>$dc | |
| echo "user = debian-sys-maint" >>$dc | |
| echo "password = $pass" >>$dc | |
| echo "socket = $mysql_rundir/mysqld.sock" >>$dc | |
| echo "[mysql_upgrade]" >>$dc | |
| echo "host = localhost" >>$dc | |
| echo "user = debian-sys-maint" >>$dc | |
| echo "password = $pass" >>$dc | |
| echo "socket = $mysql_rundir/mysqld.sock" >>$dc | |
| echo "basedir = /usr" >>$dc | |
| fi | |
| # If this dir chmod go+w then the admin did it. But this file should not. | |
| chown 0:0 $dc | |
| chmod 0600 $dc | |
| # update privilege tables | |
| password_column_fix_query=`/bin/echo -e \ | |
| "USE mysql;\n" \ | |
| "ALTER TABLE user CHANGE Password Password char(41) character set latin1 collate latin1_bin DEFAULT '' NOT NULL;"` | |
| replace_query=`/bin/echo -e \ | |
| "USE mysql;\n" \ | |
| "SET sql_mode='';\n" \ | |
| "REPLACE INTO user SET " \ | |
| " host='localhost', user='debian-sys-maint', password=password('$pass'), " \ | |
| " Select_priv='Y', Insert_priv='Y', Update_priv='Y', Delete_priv='Y', " \ | |
| " Create_priv='Y', Drop_priv='Y', Reload_priv='Y', Shutdown_priv='Y', " \ | |
| " Process_priv='Y', File_priv='Y', Grant_priv='Y', References_priv='Y', " \ | |
| " Index_priv='Y', Alter_priv='Y', Super_priv='Y', Show_db_priv='Y', "\ | |
| " Create_tmp_table_priv='Y', Lock_tables_priv='Y', Execute_priv='Y', "\ | |
| " Repl_slave_priv='Y', Repl_client_priv='Y', Create_view_priv='Y', "\ | |
| " Show_view_priv='Y', Create_routine_priv='Y', Alter_routine_priv='Y', "\ | |
| " Create_user_priv='Y', Event_priv='Y', Trigger_priv='Y',"\ | |
| " ssl_cipher='', x509_issuer='', x509_subject='';"`; | |
| # Engines supported by etch should be installed per default. The query sequence is supposed | |
| # to be aborted if the CREATE TABLE fails due to an already existent table in which case the | |
| # admin might already have chosen to remove one or more plugins. Newlines are necessary. | |
| install_plugins=`/bin/echo -e \ | |
| "USE mysql;\n" \ | |
| "CREATE TABLE IF NOT EXISTS plugin (name char(64) COLLATE utf8_bin NOT NULL DEFAULT '', " \ | |
| " dl char(128) COLLATE utf8_bin NOT NULL DEFAULT '', " \ | |
| " PRIMARY KEY (name)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='MySQL plugins';" ` | |
| # Upgrade password column format before the root password gets set. | |
| echo "$password_column_fix_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER | |
| db_get mysql-server/root_password && rootpw="$RET" | |
| if ! set_mysql_rootpw; then | |
| password_error="yes" | |
| fi | |
| set +e | |
| echo "$replace_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER | |
| echo "$install_plugins" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER | |
| set -e | |
| ;; | |
| abort-upgrade|abort-remove|abort-configure) | |
| ;; | |
| *) | |
| echo "postinst called with unknown argument '$1'" 1>&2 | |
| exit 1 | |
| ;; | |
| esac | |
| # here we check to see if we can connect as root without a password | |
| # this should catch upgrades from previous versions where the root | |
| # password wasn't set. if there is a password, or if the connection | |
| # fails for any other reason, nothing happens. | |
| if [ "$1" = "configure" ]; then | |
| if test_mysql_access; then | |
| db_input medium mysql-server/root_password || true | |
| db_go | |
| db_get mysql-server/root_password && rootpw="$RET" | |
| if ! set_mysql_rootpw "online"; then | |
| password_error="yes" | |
| fi | |
| fi | |
| if [ "$password_error" = "yes" ]; then | |
| db_input high mysql-server/error_setting_password || true | |
| db_go | |
| fi | |
| fi | |
| db_stop # in case invoke failes | |
| # If we upgrade from MySQL mysql.service may be masked, which also | |
| # means init.d script is disabled. Unmask mysql service explicitely. | |
| # Check first that the command exists, to avoid emitting any warning messages. | |
| if [ -x "$(command -v deb-systemd-helper)" ]; then | |
| deb-systemd-helper unmask mysql.service > /dev/null | |
| fi | |
| #DEBHELPER# | |
| exit 0 |