diff options
Diffstat (limited to 'debian/mariadb-server.postinst')
| -rw-r--r-- | debian/mariadb-server.postinst | 328 |
1 files changed, 328 insertions, 0 deletions
diff --git a/debian/mariadb-server.postinst b/debian/mariadb-server.postinst new file mode 100644 index 00000000..0ca5731b --- /dev/null +++ b/debian/mariadb-server.postinst @@ -0,0 +1,328 @@ +#!/bin/bash +set -e + +# shellcheck source=/dev/null +. /usr/share/debconf/confmodule + +if [ -n "$DEBIAN_SCRIPT_DEBUG" ] +then + set -v -x + DEBIAN_SCRIPT_TRACE=1 +fi + +${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2} + +export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin + +# This command can be used as pipe to syslog. With "-s" it also logs to stderr. +ERR_LOGGER="logger -p daemon.err -t mariadb-server.postinst -i" +# Specify syslog tag name so it is clear the entry came from this postinst script. +# This will make an error in a logged command immediately apparent by aborting +# the install, rather than failing silently and leaving a broken install. +set -o pipefail + +case "$1" in + configure) + # This is needed because mariadb-install-db removes the pid file in /run + # and because changed configuration options should take effect immediately. + # In case the server wasn't running at all it should be ok if the stop + # script fails. I can't tell at this point because of the cleaned /run. + set +e + invoke-rc.d mariadb stop + set -e + + # An existing /etc/init.d/mysql might be on the system if there was a + # previous MySQL or MariaDB installation, since /etc/init.d files are + # considered config files and stay around even after the package is removed. + # + # The install step of this package adds a new /etc/init.d/mariadb file. As + # we also want to ensure that there are no old (and potentially outdated) + # versions of /etc/init.d/mysql we simply replace it using a copy of the + # latest 'mariadb' file. This has also the added benefit that anything that + # invokes traditional sysv init with either 'mysql' or 'mariadb' will end up + # controlling this newly installed MariaDB, and thus we maintain better + # backwards compatibility. + # + # Note that the 'Provides' line is also updated to avoid 'insserv' exiting + # on failure (when it is run by update-rc.d) because of duplicate service + # names. + if [ -f "/etc/init.d/mysql" ] && [ -f "/etc/init.d/mariadb" ] + then + # Copy init file and rename the service name and filename on the fly + sed 's/Provides: mariadb/Provides: mysql/g' /etc/init.d/mariadb > /etc/init.d/mysql + # NOTE: Number of spaces/tabs is important here! + # Confirm if the sed worked + if ! grep --quiet "Provides: mysql" /etc/init.d/mysql + then + # If not, then delete the file to avoid failures later on + rm -f /etc/init.d/mysql + echo "Warning! Failed creating a mysql named copy of mariadb init.d file" + fi + fi + + mysql_statedir=/usr/share/mysql + mysql_datadir=/var/lib/mysql + mysql_logdir=/var/log/mysql + mysql_cfgdir=/etc/mysql + mysql_upgradedir=/var/lib/mysql-upgrade + + # If the following symlink exists, it is a preserved copy the old data dir + # created by the preinst script during a upgrade that would have otherwise + # been replaced by an empty mysql dir. This should restore it. + for dir in DATADIR LOGDIR + do + + if [ "$dir" = "DATADIR" ] + then + targetdir=$mysql_datadir + else + targetdir=$mysql_logdir + fi + + savelink="$mysql_upgradedir/$dir.link" + if [ -L "$savelink" ] + then + # If the targetdir was a symlink before we upgraded it is supposed + # to be either still be present or not existing anymore now. + if [ -L "$targetdir" ] + then + rm "$savelink" + elif [ ! -d "$targetdir" ] + then + mv "$savelink" "$targetdir" + else + # this should never even happen, but just in case... + mysql_tmp=$(mktemp -d -t mysql-symlink-restore-XXXXXX) + echo "this is very strange! see $mysql_tmp/README..." >&2 + mv "$targetdir" "$mysql_tmp" + cat << EOF > "$mysql_tmp/README" + +If you're reading this, it's most likely because you had replaced /var/lib/mysql +with a symlink, then upgraded to a new version of mysql, and then dpkg +removed your symlink (see #182747 and others). The mysql packages noticed +that this happened, and as a workaround have restored it. However, because +/var/lib/mysql seems to have been re-created in the meantime, and because +we don't want to rm -rf something we don't know as much about, we are going +to leave this unexpected directory here. If your database looks normal, +and this is not a symlink to your database, you should be able to blow +this all away. + +EOF + fi + fi + rmdir $mysql_upgradedir 2>/dev/null || true + + done # end 'for dir' loop + + # Upgrading from mysql.com needs might have the root user as auth_socket. + # auto.cnf is a sign of a mysql install, that doesn't exist in mariadb. + # We use lsof to protect against concurrent access by mysqld (mariadb has + # its own projection). We make sure we're not doing this on a MySQL-8.0 + # directory. + # This direct update is needed to enable an authentication mechanism to + # perform mariadb-upgrade, (MDEV-22678). To keep the impact minimal, we + # skip innodb and set key-buffer-size to 0 as it isn't reused. + if [ -f "$mysql_datadir/auto.cnf" ] && + [ -f "$mysql_datadir/mysql/user.MYD" ] && + ! lsof -nt "$mysql_datadir"/mysql/user.MYD > /dev/null && + [ ! -f "$mysql_datadir/undo_001" ] + then + echo "UPDATE mysql.user SET plugin='unix_socket' WHERE plugin='auth_socket';" | \ + mariadbd --skip-innodb --key_buffer_size=0 --default-storage-engine=MyISAM --bootstrap 2> /dev/null + fi + + # Ensure the existence and right permissions for the database and + # log files. Use mkdir option 'Z' to create with correct SELinux context. + if [ ! -d "$mysql_statedir" ] && [ ! -L "$mysql_statedir" ] + then + mkdir -Z "$mysql_statedir" + fi + if [ ! -d "$mysql_datadir" ] && [ ! -L "$mysql_datadir" ] + then + mkdir -Z "$mysql_datadir" + fi + + # When creating an ext3 jounal on an already mounted filesystem like e.g. + # /var/lib/mysql, you get a .journal file that is not modifiable by chown. + # The mysql_statedir must not be writable by the mysql user under any + # circumstances as it contains scripts that are executed by root. + set +e + find $mysql_statedir ! -uid 0 -print0 -or ! -gid 0 -print0 | xargs -0 -r sudo chown 0:0 + find $mysql_datadir ! -uid "$(id -u mysql)" -print0 | xargs -0 -r chown mysql + set -e + + ## Set the correct filesystem ownership for the PAM v2 plugin + # eg. /usr/lib/x86_64-linux-gnu/mysql/plugin/auth_pam_tool_dir/ + # NOTE! This is security sensitive, don't allow for a race condition. + # + # 1. Drop privileges of directory + # -> At this point only root can see and execute auth_pam_tool + chmod 0700 /usr/lib/mysql/plugin/auth_pam_tool_dir + # + # 2. Make binary setuid + # -> At this point only root can run the setuid binary so no escalation here yet + chmod 04755 /usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_tool + # + # 3. Allow user 'mysql' to see and execute auth_pam_tool + # -> Now user mysql owns the directory and can see and execute the binary inside + # -> Since the binary is setuid, user mysql gets limited root powers here to + # run the PAM authetications, which need root (e.g. to validate passwords + # against /etc/shadow) + chown mysql /usr/lib/mysql/plugin/auth_pam_tool_dir + + # This is important to avoid dataloss when there is a removed + # mysql-server version from Woody lying around which used the same + # data directory and then somehow gets purged by the admin. + db_set mariadb-server/postrm_remove_database false || true + + # Clean up old flags before setting new one + rm -f $mysql_datadir/debian-*.flag + # Flag data dir to avoid downgrades + # @TODO: Rewrite this to use the new upstream /var/lib/mysql_upgrade_info file + # instead of the legacy /var/lib/debian-XX.X.flag file + touch "$mysql_datadir/debian-__MARIADB_MAJOR_VER__.flag" + + # initiate databases. Output is not allowed by debconf :-( + # This will fail if we are upgrading an existing database; in this case + # mariadb-upgrade, called from the /etc/mysql/debian-start script, will + # handle things. + # Debian: beware of the bashisms... + # Debian: can safely run on upgrades with existing databases + # Workaround for Debian Bug #1022994: failure to create database when + # working with libpam-tmpdir (by setting TMPDIR to empty value). + set +e + TMPDIR='' bash /usr/bin/mariadb-install-db \ + --rpm --cross-bootstrap \ + --user=mysql --disable-log-bin \ + --skip-test-db 2>&1 | \ + $ERR_LOGGER + set -e + + # On new installations root user can connect via unix_socket. + # But on upgrades, scripts rely on debian-sys-maint user and + # credentials in /etc/mysql/debian.cnf + # All tools use --defaults-file=/etc/mysql/debian.cnf + # And while it's not needed for new installations, we keep using + # --defaults-file option for tools (for the sake of upgrades) + # and thus need /etc/mysql/debian.cnf to exist, even if it's empty. + # In the long run the goal is to obsolete this file. + dc="$mysql_cfgdir/debian.cnf" + if [ ! -d "$mysql_cfgdir" ] + then + install -o 0 -g 0 -m 0755 -d $mysql_cfgdir + fi + + if [ ! -e "$dc" ] + then + cat /dev/null > $dc + { + echo "# THIS FILE IS OBSOLETE. STOP USING IT IF POSSIBLE."; + echo "# This file exists only for backwards compatibility for"; + echo "# tools that run '--defaults-file=/etc/mysql/debian.cnf'"; + echo "# and have root level access to the local filesystem."; + echo "# With those permissions one can run 'mariadb' directly"; + echo "# anyway thanks to unix socket authentication and hence"; + echo "# this file is useless. See package README for more info."; + echo "[client]"; + echo "host = localhost"; + echo "user = root"; + echo "[mysql_upgrade]"; + echo "host = localhost"; + echo "user = root"; + echo "# THIS FILE WILL BE REMOVED IN A FUTURE DEBIAN RELEASE."; + } >> $dc + fi + # Keep it only root-readable, as it always was + chown 0:0 $dc + chmod 0600 $dc + + # If there is a real AppArmor profile, we reload it. + # If the default empty profile is installed, then we remove any old + # profile that may be loaded. + # This allows upgrade from old versions (that have an apparmor profile + # on by default) to work both to disable a default profile, and to keep + # any profile installed and maintained by users themselves. + profile="/etc/apparmor.d/usr.sbin.mariadbd" + if [ -f "$profile" ] && aa-status --enabled 2> /dev/null + then + if grep -q /usr/sbin/mariadbd "$profile" 2> /dev/null + then + apparmor_parser -r "$profile" || true + else + echo "/usr/sbin/mariadbd { }" | apparmor_parser --remove 2> /dev/null || true + fi + fi + + # The introduction of /etc/logrotate.d/mariadb has made the old config + # obsolete and it needs to be disabled to prevent logrotate running twice. + if [ -f /etc/logrotate.d/mysql-server ] + then + mv -vf /etc/logrotate.d/mysql-server /etc/logrotate.d/mysql-server.dpkg-bak + fi + + # The introduction of versionless server package is not fully backwards + # compatible as the purge of an old mariadb-server-x.y package would + # commands such as 'deb-systemd-helper purge mariadb.service' and + # 'update-rc.d mariadb remove'. Fix it by simly deleting any existing postrm + # stanzas opportunistically. + for old_postrm_file in /var/lib/dpkg/info/mariadb-server-10.?.postrm + do + # For loop will always run, but the globbing pattern will be expanded into + # something only if there are files that match the pattern, so we need to + # not act on it if the result is just the globbing pattern itself. + if [ "$old_postrm_file" != "/var/lib/dpkg/info/mariadb-server-10.?.postrm" ] + then + sed '/Automatically added by dh_installinit/,/End automatically added section/d' \ + -i "$old_postrm_file" || true + sed '/Automatically added by dh_systemd_enable/,/End automatically added section/d' \ + -i "$old_postrm_file" || true + fi + done + ;; + + abort-upgrade|abort-remove|abort-configure) + ;; + + triggered) + if [ -d /run/systemd/system ] + then + systemctl --system daemon-reload + elif [ -x /etc/init.d/mariadb ] + then + invoke-rc.d mariadb restart + fi + ;; + + *) + echo "postinst called with unknown argument '$1'" 1>&2 + exit 1 + ;; +esac + +db_stop # in case invoke fails + +# dh_systemd_start doesn't emit anything since we still ship /etc/init.d/mariadb. +# Thus MariaDB server is started via init.d script, which in turn redirects to +# systemctl. If we upgrade from MySQL mysql.service may be masked, which also +# means init.d script is disabled. Unmask mysql service explicitly. +# Check first that the command exists, to avoid emitting any warning messages. +if [ -x "$(command -v deb-systemd-helper)" ] +then + deb-systemd-helper unmask mysql.service > /dev/null +fi + +#DEBHELPER# + +# Modified dh_systemd_start snippet that's not added automatically +if [ -d /run/systemd/system ] +then + systemctl --system daemon-reload >/dev/null || true + deb-systemd-invoke start mariadb.service >/dev/null || true + # Modified dh_installinit snippet to only run with sysvinit +elif [ -x "/etc/init.d/mariadb" ] +then + if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] + then + invoke-rc.d mariadb start || exit $? + fi +fi |