1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
|
#!/bin/bash -e
. /usr/share/debconf/confmodule
if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2 }
export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin
# This command can be used as pipe to syslog. With "-s" it also logs to stderr.
ERR_LOGGER="logger -p daemon.err -t mysqld_safe -i"
invoke() {
if [ -x /usr/sbin/invoke-rc.d ]; then
invoke-rc.d mysql $1
else
/etc/init.d/mysql $1
fi
}
MYSQL_BOOTSTRAP="/usr/sbin/mysqld --bootstrap --user=mysql --skip-grant-tables --skip-bdb --skip-innodb "
test_mysql_access() {
mysql --no-defaults -u root -h localhost </dev/null >/dev/null 2>&1
}
# call with $1 = "online" to connect to the server, otherwise it bootstraps
set_mysql_rootpw() {
# forget we ever saw the password. don't use reset to keep the seen status
db_set mysql-server/root_password ""
tfile=`mktemp`
if [ ! -f "$tfile" ]; then
return 1
fi
# this avoids us having to call "test" or "[" on $rootpw
cat << EOF > $tfile
USE mysql;
UPDATE user SET password=PASSWORD("$rootpw") WHERE user='root';
FLUSH PRIVILEGES;
EOF
if grep -q 'PASSWORD("")' $tfile; then
retval=0
elif [ "$1" = "online" ]; then
mysql --no-defaults -u root -h localhost <$tfile >/dev/null
retval=$?
else
$MYSQL_BOOTSTRAP <$tfile
retval=$?
fi
rm -f $tfile
return $retval
}
# This is necessary because mysql_install_db removes the pid file in /var/run
# and because changed configuration options should take effect immediately.
# In case the server wasn't running at all it should be ok if the stop
# script fails. I can't tell at this point because of the cleaned /var/run.
set +e; invoke stop; set -e
case "$1" in
configure)
mysql_cnf=/etc/mysql-cluster/my.cnf
mysql_datadir=/usr/share/mysql
mysql_statedir=/var/lib/mysql
mysql_rundir=/var/run/mysqld
mysql_logdir=/var/log
mysql_cfgdir=/etc/mysql-cluster
mysql_newlogdir=/var/log/mysql
mysql_upgradedir=/var/lib/mysql-upgrade
# first things first, if the following symlink exists, it is a preserved
# copy the old data dir from a mysql upgrade that would have otherwise
# been replaced by an empty mysql dir. this should restore it.
for dir in DATADIR LOGDIR; do
if [ "$dir" = "DATADIR" ]; then targetdir=$mysql_statedir; else targetdir=$mysql_newlogdir; fi
savelink="$mysql_upgradedir/$dir.link"
if [ -L "$savelink" ]; then
# If the targetdir was a symlink before we upgraded it is supposed
# to be either still be present or not existing anymore now.
if [ -L "$targetdir" ]; then
rm "$savelink"
elif [ ! -d "$targetdir" ]; then
mv "$savelink" "$targetdir"
else
# this should never even happen, but just in case...
mysql_tmp=`mktemp -d -t mysql-symlink-restore-XXXXXX`
echo "this is very strange! see $mysql_tmp/README..." >&2
mv "$targetdir" "$mysql_tmp"
cat << EOF > "$mysql_tmp/README"
if you're reading this, it's most likely because you had replaced /var/lib/mysql
with a symlink, then upgraded to a new version of mysql, and then dpkg
removed your symlink (see #182747 and others). the mysql packages noticed
that this happened, and as a workaround have restored it. however, because
/var/lib/mysql seems to have been re-created in the meantime, and because
we don't want to rm -rf something we don't know as much about, we're going
to leave this unexpected directory here. if your database looks normal,
and this is not a symlink to your database, you should be able to blow
this all away.
EOF
fi
fi
rmdir $mysql_upgradedir 2>/dev/null || true
done
# Ensure the existence and right permissions for the database and
# log files.
if [ ! -d "$mysql_statedir" -a ! -L "$mysql_statedir" ]; then mkdir "$mysql_statedir"; fi
if [ ! -d "$mysql_statedir/mysql" -a ! -L "$mysql_statedir/mysql" ]; then mkdir "$mysql_statedir/mysql"; fi
if [ ! -d "$mysql_newlogdir" -a ! -L "$mysql_newlogdir" ]; then mkdir "$mysql_newlogdir"; fi
# When creating an ext3 jounal on an already mounted filesystem like e.g.
# /var/lib/mysql, you get a .journal file that is not modifyable by chown.
# The mysql_datadir must not be writable by the mysql user under any
# circumstances as it contains scripts that are executed by root.
set +e
chown -R 0.0 $mysql_datadir
chown -R mysql $mysql_statedir
chown -R mysql $mysql_rundir
chown -R mysql:adm $mysql_newlogdir; chmod 2750 $mysql_newlogdir;
for i in log err; do
touch $mysql_logdir/mysql.$i
chown mysql:adm $mysql_logdir/mysql.$i
chmod 0640 $mysql_logdir/mysql.$i
done
set -e
# This is important to avoid dataloss when there is a removed
# mysql-server version from Woody lying around which used the same
# data directory and then somewhen gets purged by the admin.
#db_set mysql-server/postrm_remove_database false || true
# So that mysql-server (4.0) can check if it's safe to install.
touch $mysql_statedir/debian-5.0.flag
# On dist-upgrades, we ensure that the old_password setting is updated
# before passwords are changed. Except for that my.cnf is taboo!
#db_get mysql-server-5.0/need_sarge_compat_done || true
#if [ "$RET" = "false" ]; then
# db_get mysql-server-5.0/need_sarge_compat
# echo -e "# created by debconf\n[mysqld]\nold_passwords = $RET" > /etc/mysql/conf.d/old_passwords.cnf
#fi
#db_set mysql-server-5.0/need_sarge_compat_done true
# initiate databases. Output is not allowed by debconf :-(
# Debian: beware of the bashisms...
# Debian: can safely run on upgrades with existing databases
set +e
/bin/bash /usr/bin/mysql_install_db --rpm 2>&1 | $ERR_LOGGER
if [ "$?" != "0" ]; then
echo "ATTENTION: An error has occured. More info is in the syslog!"
fi
set -e
## On every reconfiguration the maintenance user is recreated.
#
# - It is easier to regenerate the password every time but as people
# use fancy rsync scripts and file alteration monitors, the existing
# password is used and existing files not touched.
# - The mysqld statement is like that in mysql_install_db because the
# server is not already running. This has some implications:
# - The amount of newlines and semicolons in the query is important!
# - GRANT is not possible with --skipt-grant-tables and "INSERT
# (user,host..) VALUES" is not --ansi compliant
# - The echo is just for readability. ash's buildin has no "-e" so use /bin/echo.
# - The Super_priv, Show_db_priv, Create_tmp_table_priv and Lock_tables_priv
# may not be present as old Woody 3.23 databases did not have it and the
# admin might not already have run mysql_upgrade which adds them.
# As the binlog cron scripts to need at least the Super_priv, I do first
# the old query which always succeeds and then the new which may or may not.
# recreate the credentials file if not present or without mysql_upgrade stanza
dc=$mysql_cfgdir/debian.cnf;
if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then
pass="`sed -n 's/password *= *// p' $dc | head -n 1`"
else
pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
cat /dev/null > $dc
echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
echo "[client]" >>$dc
echo "host = localhost" >>$dc
echo "user = debian-sys-maint" >>$dc
echo "password = $pass" >>$dc
echo "socket = $mysql_rundir/mysqld.sock" >>$dc
echo "[mysql_upgrade]" >>$dc
echo "user = debian-sys-maint" >>$dc
echo "password = $pass" >>$dc
echo "socket = $mysql_rundir/mysqld.sock" >>$dc
echo "basedir = /usr" >>$dc
fi
# If this dir chmod go+w then the admin did it. But this file should not.
chown 0:0 $dc
chmod 0600 $dc
# update privilege and timezone tables
password_column_fix_query=`/bin/echo -e \
"USE mysql\n" \
"ALTER TABLE user CHANGE password Password varchar(41) collate utf8_bin NOT NULL default ''"`;
replace_query=`/bin/echo -e \
"USE mysql\n" \
"REPLACE INTO user SET " \
" host='localhost', user='debian-sys-maint', password=password('$pass'), " \
" Select_priv='Y', Insert_priv='Y', Update_priv='Y', Delete_priv='Y', " \
" Create_priv='Y', Drop_priv='Y', Reload_priv='Y', Shutdown_priv='Y', " \
" Process_priv='Y', File_priv='Y', Grant_priv='Y', References_priv='Y', " \
" Index_priv='Y', Alter_priv='Y' __EXTRA_PRIVS__"`;
extra_privs=`/bin/echo -e \
", Show_db_priv='Y' " \
", Super_priv='Y' " \
", Create_tmp_table_priv='Y' " \
", Lock_tables_priv='Y' " \
", Execute_priv='Y' " \
", Repl_slave_priv='Y' " \
", Repl_client_priv='Y' "`;
# Upgrade password column format before the root password gets set.
echo "$password_column_fix_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
db_get mysql-server/root_password && rootpw="$RET"
if ! set_mysql_rootpw; then
password_error="yes"
fi
echo "$replace_query" | sed "s/__EXTRA_PRIVS__//" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
set +e
echo "$replace_query" | sed "s/__EXTRA_PRIVS__/$extra_privs/" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
set -e
mysql_tzinfo_to_sql /usr/share/zoneinfo/ 2>&1 | egrep -v 'Skipping it.$' | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
# The Sarge package "mysql-server" which used to include the mysqld daemon
# may still be in unselected-configured state (i.e. after a remove but not
# purge) in which case its now obsolete cronscript has to be moved away.
for i in /etc/cron.daily/mysql-server /etc/cron.daily/mysql-server-41 /etc/mysql/debian-log-rotate.conf; do
if [ -f $i ]; then mv $i $i.dpkg-old; fi
done
;;
abort-upgrade|abort-remove|abort-configure)
;;
*)
echo "postinst called with unknown argument '$1'" 1>&2
exit 1
;;
esac
#DEBHELPER#
# here we check to see if we can connect as root without a password
# this should catch upgrades from previous verisons where the root
# password wasn't set. if there is a password, or if the connection
# fails for any other reason, nothing happens.
if [ "$1" = "configure" ]; then
if test_mysql_access; then
db_input medium mysql-server/root_password || true
db_go
db_get mysql-server/root_password && rootpw="$RET"
if ! set_mysql_rootpw "online"; then
password_error="yes"
fi
fi
if [ "$password_error" = "yes" ]; then
db_input high mysql-server/error_setting_password || true
db_go
fi
fi
db_stop # in case invoke failes
exit 0
|