mysql-server-BASE.postinst.in 11.2 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139
#!/bin/bash -e

. /usr/share/debconf/confmodule

if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2 }
 
export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin

# This command can be used as pipe to syslog. With "-s" it also logs to stderr.
ERR_LOGGER="logger -p daemon.err -t mysqld_safe -i"

invoke() {
  if [ -x /usr/sbin/invoke-rc.d ]; then
    invoke-rc.d mysql $1
  else
    /etc/init.d/mysql $1
  fi
}

MYSQL_BOOTSTRAP="/usr/sbin/mysqld --bootstrap --user=mysql --skip-grant-tables  --skip-bdb  --skip-innodb "

test_mysql_access() {
	mysql --no-defaults -u root -h localhost </dev/null >/dev/null 2>&1
}

# call with $1 = "online" to connect to the server, otherwise it bootstraps
set_mysql_rootpw() {
	# forget we ever saw the password.  don't use reset to keep the seen status
	db_set mysql-server/root_password ""

	tfile=`mktemp`
	if [ ! -f "$tfile" ]; then
		return 1
	fi

	# this avoids us having to call "test" or "[" on $rootpw
	cat << EOF > $tfile
USE mysql;
UPDATE user SET password=PASSWORD("$rootpw") WHERE user='root';
FLUSH PRIVILEGES;
EOF
	if grep -q 'PASSWORD("")' $tfile; then
		retval=0
	elif [ "$1" = "online" ]; then
		mysql --no-defaults -u root -h localhost <$tfile >/dev/null
		retval=$?
	else
		$MYSQL_BOOTSTRAP <$tfile
		retval=$?
	fi
	rm -f $tfile
	return $retval
}

# This is necessary because mysql_install_db removes the pid file in /var/run
# and because changed configuration options should take effect immediately.
# In case the server wasn't running at all it should be ok if the stop
# script fails. I can't tell at this point because of the cleaned /var/run.
set +e; invoke stop; set -e
    
case "$1" in
  configure)
    mysql_cnf=/etc/mysql/my.cnf
    mysql_datadir=/usr/share/mysql
    mysql_statedir=/var/lib/mysql
    mysql_rundir=/var/run/mysqld
    mysql_logdir=/var/log
    mysql_cfgdir=/etc/mysql
    mysql_newlogdir=/var/log/mysql
    mysql_upgradedir=/var/lib/mysql-upgrade

    # first things first, if the following symlink exists, it is a preserved
    # copy the old data dir from a mysql upgrade that would have otherwise
    # been replaced by an empty mysql dir.  this should restore it.
    for dir in DATADIR LOGDIR; do
        if [ "$dir" = "DATADIR" ]; then targetdir=$mysql_statedir; else targetdir=$mysql_newlogdir; fi
        savelink="$mysql_upgradedir/$dir.link"
        if [ -L "$savelink" ]; then
            # If the targetdir was a symlink before we upgraded it is supposed
            # to be either still be present or not existing anymore now.
            if [ -L "$targetdir" ]; then
                rm "$savelink"
            elif [ ! -d "$targetdir" ]; then
                mv "$savelink" "$targetdir"
            else
                # this should never even happen, but just in case...
                mysql_tmp=`mktemp -d -t mysql-symlink-restore-XXXXXX`
                echo "this is very strange!  see $mysql_tmp/README..." >&2
                mv "$targetdir" "$mysql_tmp"
                cat << EOF > "$mysql_tmp/README"

if you're reading this, it's most likely because you had replaced /var/lib/mysql
with a symlink, then upgraded to a new version of mysql, and then dpkg
removed your symlink (see #182747 and others).  the mysql packages noticed
that this happened, and as a workaround have restored it.  however, because
/var/lib/mysql seems to have been re-created in the meantime, and because
we don't want to rm -rf something we don't know as much about, we're going
to leave this unexpected directory here.  if your database looks normal,
and this is not a symlink to your database, you should be able to blow
this all away.

EOF
            fi
        fi
	rmdir $mysql_upgradedir 2>/dev/null || true
    done
    
    # Ensure the existence and right permissions for the database and
    # log files.
    if [ ! -d "$mysql_statedir"       -a ! -L "$mysql_statedir"       ]; then mkdir "$mysql_statedir"; fi
    if [ ! -d "$mysql_statedir/mysql" -a ! -L "$mysql_statedir/mysql" ]; then mkdir "$mysql_statedir/mysql"; fi
    if [ ! -d "$mysql_newlogdir"      -a ! -L "$mysql_newlogdir"      ]; then mkdir "$mysql_newlogdir"; fi
    # When creating an ext3 jounal on an already mounted filesystem like e.g.
    # /var/lib/mysql, you get a .journal file that is not modifyable by chown.
    # The mysql_datadir must not be writable by the mysql user under any
    # circumstances as it contains scripts that are executed by root.
    set +e
    chown -R 0.0 $mysql_datadir
    chown -R mysql $mysql_statedir
    chown -R mysql $mysql_rundir
    chown -R mysql:adm $mysql_newlogdir;	chmod 2750 $mysql_newlogdir;
    for i in log err; do
      touch             $mysql_logdir/mysql.$i
      chown mysql:adm   $mysql_logdir/mysql.$i
      chmod 0640        $mysql_logdir/mysql.$i
    done
    set -e

    # This is important to avoid dataloss when there is a removed
    # mysql-server version from Woody lying around which used the same
    # data directory and then somewhen gets purged by the admin.
    db_set mysql-server/postrm_remove_database false || true

    # So that mysql-server (4.0) can check if it's safe to install.
    touch $mysql_statedir/debian-@VER@.flag

    # On dist-upgrades, we ensure that the old_password setting is updated
    # before passwords are changed. Except for that config files are taboo!
mtaylor@blade09.mysql.com's avatar
mtaylor@blade09.mysql.com committed
140
    db_get mysql-server-@MYSQL_BRANDED_BASE_VERSION@/need_sarge_compat_done || true
141
    if [ "$RET" = "false" ]; then
mtaylor@blade09.mysql.com's avatar
mtaylor@blade09.mysql.com committed
142
 	db_get mysql-server-@MYSQL_BRANDED_BASE_VERSION@/need_sarge_compat
143 144
	echo -e "# created by debconf but save to be edited\n[mysqld]\nold_passwords = $RET" > /etc/mysql/conf.d/old_passwords.cnf
    fi
mtaylor@blade09.mysql.com's avatar
mtaylor@blade09.mysql.com committed
145
    db_set mysql-server-@MYSQL_BRANDED_BASE_VERSION@/need_sarge_compat_done true
146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276

    # initiate databases. Output is not allowed by debconf :-(
    # Debian: beware of the bashisms... 
    # Debian: can safely run on upgrades with existing databases 
    set +e
    /bin/bash /usr/bin/mysql_install_db --rpm 2>&1 | $ERR_LOGGER
    if [ "$?" != "0" ]; then
      echo "ATTENTION: An error has occured. More info is in the syslog!"
    fi
    set -e
    
    ## On every reconfiguration the maintenance user is recreated.
    #
    # - It is easier to regenerate the password every time but as people
    #   use fancy rsync scripts and file alteration monitors, the existing
    #   password is used and existing files not touched.
    # - The mysqld statement is like that in mysql_install_db because the
    #   server is not already running. This has some implications:
    # 	- The amount of newlines and semicolons in the query is important!
    #   - GRANT is not possible with --skipt-grant-tables and "INSERT
    #     (user,host..) VALUES" is not --ansi compliant
    # - The echo is just for readability. ash's buildin has no "-e" so use /bin/echo.
    # - The Super_priv, Show_db_priv, Create_tmp_table_priv and Lock_tables_priv
    #   may not be present as old Woody 3.23 databases did not have it and the
    #   admin might not already have run mysql_upgrade which adds them.
    #   As the binlog cron scripts to need at least the Super_priv, I do first
    #   the old query which always succeeds and then the new which may or may not.

    # recreate the credentials file if not present or without mysql_upgrade stanza
    dc=$mysql_cfgdir/debian.cnf; 
    if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then
        pass="`sed -n 's/password *= *// p' $dc | head -n 1`"
    else
	pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
        if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
        cat /dev/null > $dc
        echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
        echo "[client]"                                                    >>$dc
        echo "host     = localhost"                                        >>$dc
        echo "user     = debian-sys-maint"                                 >>$dc
        echo "password = $pass"                                            >>$dc
        echo "socket   = $mysql_rundir/mysqld.sock"                        >>$dc
        echo "[mysql_upgrade]"                                             >>$dc
        echo "user     = debian-sys-maint"                                 >>$dc
        echo "password = $pass"                                            >>$dc
        echo "socket   = $mysql_rundir/mysqld.sock"                        >>$dc
        echo "basedir  = /usr"                                             >>$dc
    fi
    # If this dir chmod go+w then the admin did it. But this file should not.
    chown 0:0 $dc
    chmod 0600 $dc

    # update privilege and timezone tables
    password_column_fix_query=`/bin/echo -e \
	"USE mysql\n" \
	"ALTER TABLE user CHANGE password Password varchar(41) collate utf8_bin NOT NULL default ''"`;
    replace_query=`/bin/echo -e \
	"USE mysql\n" \
	"REPLACE INTO user SET " \
	"  host='localhost', user='debian-sys-maint', password=password('$pass'), " \
	"  Select_priv='Y', Insert_priv='Y', Update_priv='Y', Delete_priv='Y', " \
	"  Create_priv='Y', Drop_priv='Y', Reload_priv='Y', Shutdown_priv='Y', " \
	"  Process_priv='Y',  File_priv='Y', Grant_priv='Y', References_priv='Y', " \
	"  Index_priv='Y', Alter_priv='Y' __EXTRA_PRIVS__"`;
    extra_privs=`/bin/echo -e \
	", Show_db_priv='Y' " \
	", Super_priv='Y' " \
	", Create_tmp_table_priv='Y' " \
	", Lock_tables_priv='Y' " \
	", Execute_priv='Y' " \
	", Repl_slave_priv='Y' " \
	", Repl_client_priv='Y' "`;

    # Upgrade password column format before the root password gets set.
    echo "$password_column_fix_query"                             | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER

    db_get mysql-server/root_password && rootpw="$RET"
    if ! set_mysql_rootpw; then
    	password_error="yes"
    fi

    echo "$replace_query" | sed "s/__EXTRA_PRIVS__//"             | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
    set +e
    echo "$replace_query" | sed "s/__EXTRA_PRIVS__/$extra_privs/" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
    set -e
    mysql_tzinfo_to_sql /usr/share/zoneinfo/ 2>&1 | egrep -v 'Skipping it.$' | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER

    # The Sarge package "mysql-server" which used to include the mysqld daemon
    # may still be in unselected-configured state (i.e. after a remove but not
    # purge) in which case its now obsolete cronscript has to be moved away.
    for i in /etc/cron.daily/mysql-server /etc/cron.daily/mysql-server-41 /etc/mysql/debian-log-rotate.conf; do
      if [ -f $i ]; then mv $i $i.dpkg-old; fi 
    done
  ;;

  abort-upgrade|abort-remove|abort-configure)
  ;;

  *)
    echo "postinst called with unknown argument '$1'" 1>&2
    exit 1
  ;;
esac

#DEBHELPER#

# here we check to see if we can connect as root without a password
# this should catch upgrades from previous verisons where the root
# password wasn't set.  if there is a password, or if the connection
# fails for any other reason, nothing happens.
if [ "$1" = "configure" ]; then
	if test_mysql_access; then
		db_input medium mysql-server/root_password || true
		db_go
		db_get mysql-server/root_password && rootpw="$RET"

		if ! set_mysql_rootpw "online"; then
			password_error="yes"
		fi
	fi

	if [ "$password_error" = "yes" ]; then
		db_input high mysql-server/error_setting_password || true
		db_go
	fi

fi

db_stop # in case invoke failes

exit 0