diff options
| author | Sergey Vojtovich <svoj@mariadb.org> | 2015-11-04 20:13:15 +0400 |
|---|---|---|
| committer | Sergey Vojtovich <svoj@mariadb.org> | 2015-11-06 12:11:06 +0400 |
| commit | 7f5e005d164bef02de3a524d19391d135af46408 (patch) | |
| tree | bab6c0c9a4c097ec3de1c451cb6c1e20fa058f55 /debian | |
| parent | 60ad33984090af2262d17232ceab1c1c9231fd24 (diff) | |
| download | mariadb-git-7f5e005d164bef02de3a524d19391d135af46408.tar.gz | |
MDEV-9080 - Debian: incorrect empty password check in postinst
There was code that was supposed to "catch upgrades from previous versions where
the root password wasn't set". But it is wrong in many regards:
- it is supposed to be executed against running server, but at this point server
should be down, which makes this code no-op
- if the above is fixed, root password will be requested twice (initial root
password request + this one)
- it asks for a password only once, while "initial root password request" asks
twice (password + password verification)
- it may give false positive if unix socket based authentication is in effect
Removed this code since it didn't work for quite a while (at least since
mysql-5.1) and nobody cared about it.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/mariadb-server-10.1.postinst | 46 |
1 files changed, 9 insertions, 37 deletions
diff --git a/debian/mariadb-server-10.1.postinst b/debian/mariadb-server-10.1.postinst index c7373d06a05..40492a296ca 100644 --- a/debian/mariadb-server-10.1.postinst +++ b/debian/mariadb-server-10.1.postinst @@ -23,11 +23,6 @@ invoke() { MYSQL_BOOTSTRAP="/usr/sbin/mysqld --bootstrap --user=mysql --disable-log-bin --skip-grant-tables --default-storage-engine=myisam" -test_mysql_access() { - mysql --no-defaults -u root -h localhost </dev/null >/dev/null 2>&1 -} - -# call with $1 = "online" to connect to the server, otherwise it bootstraps set_mysql_rootpw() { # forget we ever saw the password. don't use reset to keep the seen status db_set mysql-server/root_password "" @@ -47,9 +42,6 @@ FLUSH PRIVILEGES; EOF if grep -q 'PASSWORD("")' $tfile; then retval=0 - elif [ "$1" = "online" ]; then - mysql --no-defaults -u root -h localhost <$tfile >/dev/null - retval=$? else $MYSQL_BOOTSTRAP <$tfile retval=$? @@ -208,7 +200,8 @@ EOF db_get mysql-server/root_password && rootpw="$RET" if ! set_mysql_rootpw; then - password_error="yes" + db_input high mysql-server/error_setting_password || true + db_go fi set +e @@ -229,6 +222,13 @@ EOF echo "/usr/sbin/mysqld { }" | apparmor_parser --remove 2>/dev/null || true fi fi + + # copy out any mysqld_safe settings + systemd_conf=/etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf + if [ -x /usr/bin/mariadb-service-convert -a ! -f "${systemd_conf}" ]; then + mkdir -p /etc/systemd/system/mariadb.service.d + /usr/bin/mariadb-service-convert > "${systemd_conf}" + fi ;; abort-upgrade|abort-remove|abort-configure) @@ -240,34 +240,6 @@ EOF ;; esac -# here we check to see if we can connect as root without a password -# this should catch upgrades from previous versions where the root -# password wasn't set. if there is a password, or if the connection -# fails for any other reason, nothing happens. -if [ "$1" = "configure" ]; then - if test_mysql_access; then - db_input medium mysql-server/root_password || true - db_go - db_get mysql-server/root_password && rootpw="$RET" - - if ! set_mysql_rootpw "online"; then - password_error="yes" - fi - fi - - if [ "$password_error" = "yes" ]; then - db_input high mysql-server/error_setting_password || true - db_go - fi - - # copy out any mysqld_safe settings - systemd_conf=/etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf - if [ -x /usr/bin/mariadb-service-convert -a ! -f "${systemd_conf}" ]; then - mkdir -p /etc/systemd/system/mariadb.service.d - /usr/bin/mariadb-service-convert > "${systemd_conf}" - fi -fi - db_stop # in case invoke failes # dh_systemd_start doesn't emit anything since we still ship /etc/init.d/mysql. |