/mysql-5.7

Permalink
Switch branches/tags
Nothing to show
Find file
mysql-5.7/debian/mysql-server-5.7.postinst
Fetching contributors…
Cannot retrieve contributors at this time
Raw Blame History
executable file 249 lines (219 sloc) 9.09 KB
#!/bin/bash
set -e
. /usr/share/debconf/confmodule
if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2 }
export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin
# This command can be used as pipe to syslog. With "-s" it also logs to stderr.
ERR_LOGGER="logger -p daemon.err -t mysqld_safe -i"
# Runs an arbitrary init sql file supplied in $1. Does not require login access
run_init_sql() {
tmpdir=`mktemp -d`
chown -R mysql:mysql $tmpdir
mysqld --user=mysql --init-file=$1 --socket=$tmpdir/mysqld.sock --pid-file=$tmpdir/mysqld.pid > /dev/null 2>&1
result=$?
rm -rf $tmpdir
return $result
}
# To avoid having hardcoded paths in the script, we do a search on the path, as suggested at:
# https://www.debian.org/doc/manuals/developers-reference/ch06.en.html#bpp-debian-maint-scripts
pathfind() {
OLDIFS="$IFS"
IFS=:
for p in $PATH; do
if [ -x "$p/$*" ]; then
IFS="$OLDIFS"
return 0
fi
done
IFS="$OLDIFS"
return 1
}
invoke() {
if pathfind invoke-rc.d; then
invoke-rc.d mysql $1
else
/etc/init.d/mysql $1
fi
}
# Check if there is passwordless root login
test_mysql_access() {
mysql --no-defaults -u root -h localhost </dev/null >/dev/null 2>&1
}
# Check if the debian-sys-maint user can log in
test_sysmaint_access() {
mysql --defaults-file=/etc/mysql/debian.cnf </dev/null >/dev/null 2>&1
}
# $1 is username, e.g. 'root' $2 is password
set_mysql_pw() {
user="$1"
pass="$2"
passfile=/var/lib/mysql-files/passchange
touch $passfile
chmod 600 $passfile
chown mysql:mysql $passfile
echo "USE mysql;" >> $passfile
echo "UPDATE user SET authentication_string=PASSWORD('$pass') WHERE user='$user';" >> $passfile
echo "FLUSH PRIVILEGES;" >> $passfile
echo "SHUTDOWN;" >> $passfile
run_init_sql $passfile
rm $passfile
}
# This is necessary because mysql_install_db removes the pid file in /var/run
# and because changed configuration options should take effect immediately.
# In case the server wasn't running at all it should be ok if the stop
# script fails. I can't tell at this point because of the cleaned /var/run.
set +e; invoke stop; set -e
case "$1" in
configure)
mysql_datadir=/usr/share/mysql
mysql_statedir=/var/lib/mysql
mysql_rundir=/var/run/mysqld
mysql_logdir=/var/log/mysql
mysql_cfgdir=/etc/mysql
mysql_upgradedir=/var/lib/mysql-upgrade
mysql_filesdir=/var/lib/mysql-files
mysql_keyringdir=/var/lib/mysql-keyring
# mysqld gets called during postinst configure, so any
# updates to the AppArmor profile must be loaded first (before the
# dh_apparmor snippet added by debhelper does it properly at the end of
# this script). Otherwise, mysqld cannot for example load
# /etc/mysql/mysqld.conf.d/ on upgrade from 5.5 to 5.6, which was added in
# 5.6 packaging but not present in the AppArmor profile shipped with 5.5
# packaging.
#
# This a workaround. Status is tracked at https://launchpad.net/bugs/1435368
if aa-status --enabled 2>/dev/null; then
# It is common for this to fail because
# /etc/apparmor.d/local/usr.sbin.mysqld doesn't exist (eg. on first
# install). But if this happens, then the workaround is not required,
# so it doesn't matter. If instead it causes a security issue, then
# that doesn't really matter here as dh_apparmor should handle that
# correctly later on.
apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.mysqld 2>/dev/null || true
fi
# New packaging paradigm for my.cnf as of Dec-2014 for sharing mysql
# variants in Ubuntu.
/usr/share/mysql-common/configure-symlinks install mysql "$mysql_cfgdir/mysql.cnf"
# Ensure the existence and right permissions for the database and
# log files.
directories=( $mysql_statedir $mysql_filesdir $mysql_keyringdir $mysql_logdir )
for d in "${directories[@]}"
do
if [ ! -d "$d" -a ! -L "$d" ]; then mkdir "$d"; fi
chown -R mysql:mysql $d
chmod 0700 $d
done
# When creating an ext3 jounal on an already mounted filesystem like e.g.
# /var/lib/mysql, you get a .journal file that is not modifyable by chown.
# The mysql_datadir must not be writable by the mysql user under any
# circumstances as it contains scripts that are executed by root.
set +e
chown -R 0:0 $mysql_datadir
touch $mysql_logdir/error.log
chown -R mysql:adm $mysql_logdir
chmod 0750 $mysql_logdir
chmod 0640 $mysql_logdir/error.log
set -e
# This is important to avoid dataloss when there is a removed
# mysql-server version from Woody lying around which used the same
# data directory and then somewhen gets purged by the admin.
db_set mysql-server/postrm_remove_database false || true
## On every reconfiguration the maintenance user is recreated.
#
# - It is easier to regenerate the password every time but as people
# use fancy rsync scripts and file alteration monitors, the existing
# password is used and existing files not touched.
# recreate the credentials file if not present or without mysql_upgrade stanza
dc=$mysql_cfgdir/debian.cnf;
if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then
pass="`sed -n 's/^[ ]*password *= *// p' $dc | head -n 1`"
# Basedir is deprecated. Remove the option if it's in an existing debian.cnf
sed -i '/basedir/d' "$dc"
else
pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
umask 066
cat /dev/null > $dc
umask 022
echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
echo "[client]" >>$dc
echo "host = localhost" >>$dc
echo "user = debian-sys-maint" >>$dc
echo "password = $pass" >>$dc
echo "socket = $mysql_rundir/mysqld.sock" >>$dc
echo "[mysql_upgrade]" >>$dc
echo "host = localhost" >>$dc
echo "user = debian-sys-maint" >>$dc
echo "password = $pass" >>$dc
echo "socket = $mysql_rundir/mysqld.sock" >>$dc
fi
# If this dir chmod go+w then the admin did it. But this file should not.
chown 0:0 $dc
chmod 0600 $dc
# initiate databases. Output is not allowed by debconf :-(
# Debian: can safely run on upgrades with existing databases
# If database doesn't exist we create it. Otherwise we run mysql_upgrade
set +e
if [ ! "$(ls -A ${mysql_statedir})" ] && [ -d ${mysql_filesdir} ]; then
initfile=/var/lib/mysql-files/SQL
touch $initfile
chmod 600 $initfile
chown mysql:mysql $initfile
echo "USE mysql; " >> $initfile
db_get mysql-server/root_password && rootpw="$RET"
if [ ! -z $rootpw ]; then
echo "ALTER user 'root'@'localhost' IDENTIFIED BY '$rootpw';" >> $initfile
fi
echo "CREATE user IF NOT EXISTS 'debian-sys-maint'@'localhost' IDENTIFIED BY '$pass';" >> $initfile
echo "GRANT ALL ON *.* TO 'debian-sys-maint'@'localhost';" >> $initfile
echo "SHUTDOWN;" >> $initfile
mysqld --initialize-insecure --user=mysql --init-file=$initfile> /dev/null 2>&1
rm $initfile
else
existingdatabase=1
fi
set -e
# To avoid downgrades. This has to happen after the database is created, or --initialize will fail
touch $mysql_statedir/debian-5.7.flag
;;
abort-upgrade|abort-remove|abort-configure)
;;
*)
echo "postinst called with unknown argument '$1'" 1>&2
exit 1
;;
esac
#DEBHELPER#
# We put this after the debhelper section because it is needed to unmask
# and enable the service in some cases like when upgrading from 5.5
if [ "$1" = "configure" ]; then
# We don't need to do this if there was no existing database
if [ $existingdatabase = 1 ]; then
if test_sysmaint_access; then
mysql_upgrade --defaults-file=/etc/mysql/debian.cnf
else # In case the debian user can't log in we try setting the password
invoke stop
set_mysql_pw "debian-sys-maint" "$pass"
invoke start
mysql_upgrade --defaults-file=/etc/mysql/debian.cnf
fi
# here we check to see if we can connect as root without a password
# this should catch upgrades from previous versions where the root
# password wasn't set. if there is a password, or if the connection
# fails for any other reason, nothing happens.
if test_mysql_access; then
db_get mysql-server/root_password && rootpw="$RET"
if [ ! -z $rootpw ]; then
invoke stop
set_mysql_pw 'root' $rootpw
invoke start
fi
fi
fi
fi
# forget we ever saw the password. don't use reset to keep the seen status
db_set mysql-server/root_password ""
db_set mysql-server/root_password_again ""
db_stop # in case invoke failes
exit 0