Commit 7f5e005d authored by Sergey Vojtovich's avatar Sergey Vojtovich

MDEV-9080 - Debian: incorrect empty password check in postinst

There was code that was supposed to "catch upgrades from previous versions where
the root password wasn't set". But it is wrong in many regards:
- it is supposed to be executed against running server, but at this point server
  should be down, which makes this code no-op
- if the above is fixed, root password will be requested twice (initial root
  password request + this one)
- it asks for a password only once, while "initial root password request" asks
  twice (password + password verification)
- it may give false positive if unix socket based authentication is in effect

Removed this code since it didn't work for quite a while (at least since
mysql-5.1) and nobody cared about it.
parent 60ad3398
...@@ -23,11 +23,6 @@ invoke() { ...@@ -23,11 +23,6 @@ invoke() {
MYSQL_BOOTSTRAP="/usr/sbin/mysqld --bootstrap --user=mysql --disable-log-bin --skip-grant-tables --default-storage-engine=myisam" MYSQL_BOOTSTRAP="/usr/sbin/mysqld --bootstrap --user=mysql --disable-log-bin --skip-grant-tables --default-storage-engine=myisam"
test_mysql_access() {
mysql --no-defaults -u root -h localhost </dev/null >/dev/null 2>&1
}
# call with $1 = "online" to connect to the server, otherwise it bootstraps
set_mysql_rootpw() { set_mysql_rootpw() {
# forget we ever saw the password. don't use reset to keep the seen status # forget we ever saw the password. don't use reset to keep the seen status
db_set mysql-server/root_password "" db_set mysql-server/root_password ""
...@@ -47,9 +42,6 @@ FLUSH PRIVILEGES; ...@@ -47,9 +42,6 @@ FLUSH PRIVILEGES;
EOF EOF
if grep -q 'PASSWORD("")' $tfile; then if grep -q 'PASSWORD("")' $tfile; then
retval=0 retval=0
elif [ "$1" = "online" ]; then
mysql --no-defaults -u root -h localhost <$tfile >/dev/null
retval=$?
else else
$MYSQL_BOOTSTRAP <$tfile $MYSQL_BOOTSTRAP <$tfile
retval=$? retval=$?
...@@ -208,7 +200,8 @@ EOF ...@@ -208,7 +200,8 @@ EOF
db_get mysql-server/root_password && rootpw="$RET" db_get mysql-server/root_password && rootpw="$RET"
if ! set_mysql_rootpw; then if ! set_mysql_rootpw; then
password_error="yes" db_input high mysql-server/error_setting_password || true
db_go
fi fi
set +e set +e
...@@ -229,6 +222,13 @@ EOF ...@@ -229,6 +222,13 @@ EOF
echo "/usr/sbin/mysqld { }" | apparmor_parser --remove 2>/dev/null || true echo "/usr/sbin/mysqld { }" | apparmor_parser --remove 2>/dev/null || true
fi fi
fi fi
# copy out any mysqld_safe settings
systemd_conf=/etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
if [ -x /usr/bin/mariadb-service-convert -a ! -f "${systemd_conf}" ]; then
mkdir -p /etc/systemd/system/mariadb.service.d
/usr/bin/mariadb-service-convert > "${systemd_conf}"
fi
;; ;;
abort-upgrade|abort-remove|abort-configure) abort-upgrade|abort-remove|abort-configure)
...@@ -240,34 +240,6 @@ EOF ...@@ -240,34 +240,6 @@ EOF
;; ;;
esac esac
# here we check to see if we can connect as root without a password
# this should catch upgrades from previous versions where the root
# password wasn't set. if there is a password, or if the connection
# fails for any other reason, nothing happens.
if [ "$1" = "configure" ]; then
if test_mysql_access; then
db_input medium mysql-server/root_password || true
db_go
db_get mysql-server/root_password && rootpw="$RET"
if ! set_mysql_rootpw "online"; then
password_error="yes"
fi
fi
if [ "$password_error" = "yes" ]; then
db_input high mysql-server/error_setting_password || true
db_go
fi
# copy out any mysqld_safe settings
systemd_conf=/etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
if [ -x /usr/bin/mariadb-service-convert -a ! -f "${systemd_conf}" ]; then
mkdir -p /etc/systemd/system/mariadb.service.d
/usr/bin/mariadb-service-convert > "${systemd_conf}"
fi
fi
db_stop # in case invoke failes db_stop # in case invoke failes
# dh_systemd_start doesn't emit anything since we still ship /etc/init.d/mysql. # dh_systemd_start doesn't emit anything since we still ship /etc/init.d/mysql.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment