Sorry, i posted the wrong diff file, here is the right one. ps: i havent tried the postinst script Le 03/03/2015 02:29, Jean Weisbuch a écrit :
[...]
--- mariadb-server-10.0.postinst 2015-03-03 01:04:34.054732754 +0100 +++ mariadb-server-10.0.postinst 2015-03-03 02:17:46.753503859 +0100
--- mariadb-server-10.0.postinst 2015-03-03 01:04:34.054732754 +0100 +++ mariadb-server-10.0.postinst 2015-03-03 02:31:01.075282368 +0100 @@ -29,19 +29,25 @@ mysql --no-defaults -u root -h localhost </dev/null >/dev/null 2>&1 } -# call with $1 = "online" to connect to the server, otherwise it bootstraps +# This function resets the root@localhost user password and enable the +# usage of the unix_socket plugin for it. +# Call with $1 = "online" to connect to the server, otherwise it bootstraps set_mysql_rootpw() { - - tfile=`mktemp` + tfile="$(mktemp)" if [ ! -f "$tfile" ]; then return 1 fi - # this avoids us having to call "test" or "[" on $rootpw + # The reset_root statement is used to verify that the unix_socket plugin + # is active before resetting the root@localhost password ; if the plugin + # is not active, it will fail with "ERROR 1065 (42000): Query was empty" + + # This avoids us having to call "test" or "[" on $rootpw cat << EOF > $tfile -USE mysql; SET sql_log_bin=0; -UPDATE user SET password="", plugin="unix_socket" WHERE user='root'; +SET @reset_root=IF( (SELECT 1 FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME='unix_socket' AND PLUGIN_STATUS='ACTIVE' AND PLUGIN_TYPE='AUTHENTICATION' AND PLUGIN_LIBRARY LIKE CONCAT('auth_socket','%') )=1, "UPDATE mysql.user SET Password='', Plugin='unix_socket' WHERE User='root' AND Host='localhost'", ''); +PREPARE reset_root FROM @reset_root; +EXECUTE reset_root; FLUSH PRIVILEGES; EOF if [ "$1" = "online" ]; then @@ -51,7 +57,7 @@ $MYSQL_BOOTSTRAP <$tfile retval=$? fi - rm -f $tfile + rm -f "$tfile" return $retval } @@ -122,81 +128,83 @@ # As the binlog cron scripts to need at least the Super_priv, I do first # the old query which always succeeds and then the new which may or may not. - # recreate the credentials file if not present or with debian-sys-maint + # Recreates the credentials file if not present or with debian-sys-maint # still there - dc=$mysql_cfgdir/debian.cnf; - if [ ! -e "$dc" -o -n "`fgrep debian-sys-maint $dc 2>/dev/null`" ]; then - if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi + dc=$mysql_cfgdir/debian.cnf + fgrep -q debian-sys-maint $dc + if [ ! -e "$dc" -o $? -ne 0 ]; then + # debian.cnf does not exists or contains the debian-sys-maint user if [ -e "$dc" ]; then - oldconf=`mktemp --tmpdir=$mysql_cfgdir -t debian_old_config.XXXXXX` - cp $dc $oldconf + # A backup of the existing debian.cnf is done + # In case the migration to auth_socket would fail, it will be restored + oldconf="$(mktemp --tmpdir=$mysql_cfgdir -t debian_old_config.XXXXXX)" + cp "$dc" "$oldconf" else - oldconf='' + # There was no pre-existing debian.cnf file + oldconf='' + if [ ! -d "$mysql_cfgdir" ]; then + # The configuration directory does not exists + install -o 0 -g 0 -m 0755 -d $mysql_cfgdir + fi fi + + # (re)creation of the debian.cnf file umask 066 - cat /dev/null > $dc + > $dc umask 022 - echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc - echo "[client]" >>$dc - echo "host = localhost" >>$dc - echo "user = root" >>$dc - echo "password = " >>$dc - echo "socket = $mysql_rundir/mysqld.sock" >>$dc - echo "[mysql_upgrade]" >>$dc - echo "host = localhost" >>$dc - echo "user = root" >>$dc - echo "password = " >>$dc - echo "socket = $mysql_rundir/mysqld.sock" >>$dc - echo "basedir = /usr" >>$dc + echo "# Automatically generated for Debian scripts. DO NOT TOUCH! +[client] +host = localhost +user = root +password = +socket = $mysql_rundir/mysqld.sock +[mysql_upgrade] +host = localhost +user = root +password = +socket = $mysql_rundir/mysqld.sock +basedir = /usr" >>$dc fi + # If this dir chmod go+w then the admin did it. But this file should not. chown 0:0 $dc chmod 0600 $dc - # Update privilege tables - password_column_fix_query=`/bin/echo -e \ - "USE mysql;\n" \ - "SET sql_log_bin=0;\n" \ - "ALTER TABLE user CHANGE Password Password char(41) character set latin1 collate latin1_bin DEFAULT '' NOT NULL;"` - - # Upgrade password column format before the root password gets set. - # NOTE: Lines like this apparently really need to be formatted this way - # for mysqld to process the correclty (;-delimiter, newlines etc) - echo "$password_column_fix_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER - - # Replace old maintenance user with auth_socket usage if migrating - replace_query=`/bin/echo -e \ - "USE mysql;\n" \ - "SET sql_mode='', sql_log_bin=0;\n" \ - "DROP USER 'debian-sys-maint'@'localhost';"` - # WARNING: This line might yield "The MariaDB server is running with - # the --skip-grant-tables option so it cannot execute this statement" + # Upgrade Password column format before the root password gets set. + echo -e \ + "SET sql_log_bin=0; + ALTER TABLE mysql.user CHANGE Password Password char(41) CHARACTER SET latin1 COLLATE latin1_bin DEFAULT '' NOT NULL;" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER - # Some plugins should installed per default. The query sequence is supposed - # to be aborted if the CREATE TABLE fails due to an already existent table in which case the - # admin might already have chosen to remove one or more plugins. Newlines are necessary. - install_plugins=`/bin/echo -e \ - "USE mysql;\n" \ - "SET sql_log_bin=0;\n" \ - "CREATE TABLE IF NOT EXISTS plugin (name char(64) COLLATE utf8_bin NOT NULL DEFAULT '', " \ - " dl char(128) COLLATE utf8_bin NOT NULL DEFAULT '', " \ - " PRIMARY KEY (name)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='MySQL plugins';\n" \ - "INSTALL PLUGIN unix_socket SONAME 'auth_socket';\n"` - - # Install plugins and ignore if already there + # Install plugin(s) and ignore if already there set +e - echo "$install_plugins" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER + # Some plugins should be installed by default. The query sequence is supposed to be + # aborted if the CREATE TABLE fails due to an already existent table in which case the + # admin might already have chosen to remove one or more plugins. Newlines are necessary. + echo -e \ + "SET sql_log_bin=0; + CREATE TABLE IF NOT EXISTS mysql.plugin (name CHAR(64) COLLATE utf8_bin NOT NULL DEFAULT '', + dl CHAR(128) COLLATE utf8_bin NOT NULL DEFAULT '', + PRIMARY KEY (name)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='MySQL plugins'; + INSERT INTO mysql.plugin (name, dl) VALUES ('unix_socket', 'auth_socket');" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER set -e if ! set_mysql_rootpw; then + # The reset of the root@localhost user password and the activation of + # the auth_socket plugin for it has failed password_error="yes" - # restore old config file if exists - [ -e $oldconf ] && mv $oldconf $dc + # The debian.cnf file is restored if pre-existing + [ -e "$oldconf" ] && mv "$oldconf" "$dc" else - [ -e $oldconf ] && rm -f $oldconf - # purge debian-sys-maint user + [ -e "$oldconf" ] && rm -f "$oldconf" + # Purge of the debian-sys-maint@localhost user that is replaced with + # auth_socket on root@localhost + + # WARNING: This line might yield "The MariaDB server is running with + # the --skip-grant-tables option so it cannot execute this statement" set +e - echo "$replace_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER + echo -e \ + "SET sql_mode='', sql_log_bin=0; + DROP USER 'debian-sys-maint'@'localhost';" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER set -e fi ;; @@ -210,7 +218,7 @@ ;; esac -# here we check to see if we can connect as root without a password +# Here we check to see if we can connect as root without a password # this should catch upgrades from previous versions where the root # password wasn't set. if there is a password, or if the connection # fails for any other reason, nothing happens.