#!/bin/bash set -e . /usr/share/debconf/confmodule if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi ${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2 } export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin # This command can be used as pipe to syslog. With "-s" it also logs to stderr. ERR_LOGGER="logger -p daemon.err -t mysqld_safe -i" invoke() { if [ -x /usr/sbin/invoke-rc.d ]; then invoke-rc.d mysql $1 else /etc/init.d/mysql $1 fi } MYSQL_BOOTSTRAP="/usr/sbin/mysqld --bootstrap --user=mysql --skip-grant-tables" test_mysql_access() { mysql --no-defaults -u root -h localhost /dev/null 2>&1 } # call with $1 = "online" to connect to the server, otherwise it bootstraps set_mysql_rootpw() { # forget we ever saw the password. don't use reset to keep the seen status db_set mysql-server/root_password "" db_set mysql-server/root_password_again "" tfile=`mktemp` if [ ! -f "$tfile" ]; then return 1 fi # this avoids us having to call "test" or "[" on $rootpw cat << EOF > $tfile USE mysql; UPDATE user SET password=PASSWORD("$rootpw") WHERE user='root'; FLUSH PRIVILEGES; EOF if grep -q 'PASSWORD("")' $tfile; then retval=0 elif [ "$1" = "online" ]; then mysql --no-defaults -u root -h localhost <$tfile >/dev/null retval=$? else $MYSQL_BOOTSTRAP <$tfile retval=$? fi rm -f $tfile return $retval } # This is necessary because mysql_install_db removes the pid file in /var/run # and because changed configuration options should take effect immediately. # In case the server wasn't running at all it should be ok if the stop # script fails. I can't tell at this point because of the cleaned /var/run. set +e; invoke stop; set -e case "$1" in configure) mysql_datadir=/usr/share/mysql mysql_statedir=`/usr/sbin/mysqld --verbose --help 2>/dev/null | grep '^datadir\s' | awk '{ print $2 }'` mysql_rundir=/var/run/mysqld mysql_logdir=/var/log/mysql mysql_cfgdir=/etc/mysql mysql_upgradedir=/var/lib/mysql-upgrade # Ensure the existence and right permissions for the database and # log files. if [ ! -d "$mysql_statedir" -a ! -L "$mysql_statedir" ]; then mkdir "$mysql_statedir"; fi if [ ! -d "$mysql_statedir/mysql" -a ! -L "$mysql_statedir/mysql" ]; then mkdir "$mysql_statedir/mysql"; fi if [ ! -d "$mysql_logdir" -a ! -L "$mysql_logdir" ]; then mkdir "$mysql_logdir"; fi # When creating an ext3 jounal on an already mounted filesystem like e.g. # /var/lib/mysql, you get a .journal file that is not modifyable by chown. # The mysql_datadir must not be writable by the mysql user under any # circumstances as it contains scripts that are executed by root. set +e chown -R 0:0 $mysql_datadir chown -R mysql $mysql_statedir chmod 700 $mysql_statedir $mysql_statedir/mysql if [ ! -d "$mysql_rundir" ]; then mkdir "$mysql_rundir"; fi chown -R mysql $mysql_rundir touch $mysql_logdir/error.log chown -R mysql:adm $mysql_logdir chmod 0750 $mysql_logdir chmod 0640 $mysql_logdir/error.log set -e # This is important to avoid dataloss when there is a removed # mysql-server version from Woody lying around which used the same # data directory and then somewhen gets purged by the admin. db_set mysql-server/postrm_remove_database false || true # To avoid downgrades. touch $mysql_statedir/debian-5.6.flag # initiate databases. Output is not allowed by debconf :-( # Debian: can safely run on upgrades with existing databases set +e tfile_select_db=`mktemp` echo "USE mysql;" > $tfile_select_db MYSQL_EXTRA_OPTS=" --default-storage-engine=myisam --lc-messages-dir=/usr/share/mysql/english/.." MYSQL_CMDLINE=$MYSQL_BOOTSTRAP$MYSQL_EXTRA_OPTS cat $tfile_select_db $mysql_datadir/mysql_system_tables.sql $mysql_datadir/debian_create_root_user.sql $mysql_datadir/fill_help_tables.sql | $MYSQL_CMDLINE 2>&1 | $ERR_LOGGER rm $tfile_select_db set -e ## On every reconfiguration the maintenance user is recreated. # # - It is easier to regenerate the password every time but as people # use fancy rsync scripts and file alteration monitors, the existing # password is used and existing files not touched. # - The mysqld statement is like that in mysql_install_db because the # server is not already running. This has some implications: # - The amount of newlines and semicolons in the query is important! # - GRANT is not possible with --skip-grant-tables and "INSERT # (user,host..) VALUES" is not --ansi compliant # - The echo is just for readability. ash's buildin has no "-e" so use /bin/echo. # - The Super_priv, Show_db_priv, Create_tmp_table_priv and Lock_tables_priv # may not be present as old Woody 3.23 databases did not have it and the # admin might not already have run mysql_upgrade which adds them. # As the binlog cron scripts to need at least the Super_priv, I do first # the old query which always succeeds and then the new which may or may not. # recreate the credentials file if not present or without mysql_upgrade stanza dc=$mysql_cfgdir/debian.cnf; if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then pass="`sed -n 's/^[ ]*password *= *// p' $dc | head -n 1`" else pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`; if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi umask 066 cat /dev/null > $dc umask 022 echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc echo "[client]" >>$dc echo "host = localhost" >>$dc echo "user = debian-sys-maint" >>$dc echo "password = $pass" >>$dc echo "socket = $mysql_rundir/mysqld.sock" >>$dc echo "[mysql_upgrade]" >>$dc echo "host = localhost" >>$dc echo "user = debian-sys-maint" >>$dc echo "password = $pass" >>$dc echo "socket = $mysql_rundir/mysqld.sock" >>$dc echo "basedir = /usr" >>$dc fi # If this dir chmod go+w then the admin did it. But this file should not. chown 0:0 $dc chmod 0600 $dc replace_query=`echo -e \ "USE mysql;\n" \ "REPLACE INTO user SET " \ " host='localhost', user='debian-sys-maint', password=password('$pass'), " \ " Select_priv='Y', Insert_priv='Y', Update_priv='Y', Delete_priv='Y', " \ " Create_priv='Y', Drop_priv='Y', Reload_priv='Y', Shutdown_priv='Y', " \ " Process_priv='Y', File_priv='Y', Grant_priv='Y', References_priv='Y', " \ " Index_priv='Y', Alter_priv='Y', Super_priv='Y', Show_db_priv='Y', "\ " Create_tmp_table_priv='Y', Lock_tables_priv='Y', Execute_priv='Y', "\ " Repl_slave_priv='Y', Repl_client_priv='Y', Create_view_priv='Y', "\ " Show_view_priv='Y', Create_routine_priv='Y', Alter_routine_priv='Y', "\ " Create_user_priv='Y', Event_priv='Y', Trigger_priv='Y'; "`; # Engines supported by etch should be installed per default. The query sequence is supposed # to be aborted if the CREATE TABLE fails due to an already existent table in which case the # admin might already have chosen to remove one or more plugins. Newlines are necessary. install_plugins=`echo -e \ "USE mysql;\n" \ "CREATE TABLE IF NOT EXISTS plugin (name char(64) COLLATE utf8_bin NOT NULL DEFAULT '', " \ " dl char(128) COLLATE utf8_bin NOT NULL DEFAULT '', " \ " PRIMARY KEY (name)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='MySQL plugins';\n" \ "INSERT INTO plugin VALUES ('innodb', 'ha_innodb.so');\n" \ "INSERT INTO plugin VALUES ('federated', 'ha_federated.so');\n" \ "INSERT INTO plugin VALUES ('blackhole', 'ha_blackhole.so');\n" \ "INSERT INTO plugin VALUES ('archive', 'ha_archive.so');" ` db_get mysql-server/root_password && rootpw="$RET" if ! set_mysql_rootpw; then password_error="yes" fi echo "$replace_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER set +e echo "$install_plugins" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER set -e ;; abort-upgrade|abort-remove|abort-configure) ;; *) echo "postinst called with unknown argument '$1'" 1>&2 exit 1 ;; esac # here we check to see if we can connect as root without a password # this should catch upgrades from previous versions where the root # password wasn't set. if there is a password, or if the connection # fails for any other reason, nothing happens. if [ "$1" = "configure" ]; then if test_mysql_access; then db_input medium mysql-server/root_password || true db_go db_get mysql-server/root_password && rootpw="$RET" if ! set_mysql_rootpw "online"; then password_error="yes" fi fi if [ "$password_error" = "yes" ]; then db_input high mysql-server/error_setting_password || true db_go fi fi db_stop # in case invoke failes # Automatically added by dh_installinit if [ -x "/etc/init.d/mysql" ]; then update-rc.d mysql defaults 19 21 >/dev/null invoke-rc.d mysql start || exit $? fi # End automatically added section # Automatically added by dh_apparmor if [ "$1" = "configure" ]; then APP_PROFILE=/etc/apparmor.d/usr.sbin.mysqld if [ -f "$APP_PROFILE" ]; then # Add the local/ include LOCAL_APP_PROFILE=/etc/apparmor.d/local/usr.sbin.mysqld test -e "$LOCAL_APP_PROFILE" || { tmp=`mktemp` cat < "$tmp" # Site-specific additions and overrides for usr.sbin.mysqld. # For more details, please see /etc/apparmor.d/local/README. EOM mkdir `dirname $LOCAL_APP_PROFILE` 2>/dev/null || true mv -f "$tmp" "$LOCAL_APP_PROFILE" chmod 644 "$LOCAL_APP_PROFILE" } # Reload the profile, including any abstraction updates if [ -x /usr/sbin/aa-status ] && aa-status --enabled 2>/dev/null; then apparmor_parser -r -T -W "$APP_PROFILE" || true fi fi fi # End automatically added section exit 0