postinst is in mysql-server-5.7 5.7.11-0ubuntu6.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 | #!/bin/bash
set -e
. /usr/share/debconf/confmodule
if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2 }
export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin
# This command can be used as pipe to syslog. With "-s" it also logs to stderr.
ERR_LOGGER="logger -p daemon.err -t mysqld_safe -i"
# Runs an arbitrary init sql file supplied in $1. Does not require login access
run_init_sql() {
tmpdir=`mktemp -d`
chown mysql:mysql "$tmpdir"
mysqld --user=mysql --init-file="$1" --socket="$tmpdir/mysqld.sock" --pid-file="$tmpdir/mysqld.pid" > /dev/null 2>&1
result=$?
rm -rf "$tmpdir"
return $result
}
# To avoid having hardcoded paths in the script, we do a search on the path, as suggested at:
# https://www.debian.org/doc/manuals/developers-reference/ch06.en.html#bpp-debian-maint-scripts
pathfind() {
OLDIFS="$IFS"
IFS=:
for p in $PATH; do
if [ -x "$p/$*" ]; then
IFS="$OLDIFS"
return 0
fi
done
IFS="$OLDIFS"
return 1
}
invoke() {
if pathfind invoke-rc.d; then
invoke-rc.d mysql $1
else
/etc/init.d/mysql $1
fi
}
# Check if there is passwordless root login
test_mysql_access() {
mysql --no-defaults -u root -h localhost </dev/null >/dev/null 2>&1
}
# Check if the debian-sys-maint user can log in
test_sysmaint_access() {
mysql --defaults-file=/etc/mysql/debian.cnf </dev/null >/dev/null 2>&1
}
# $1 is username, e.g. 'root' $2 is password
set_mysql_pw() {
# These variables are global (POSIX doesn't define local) so prefix them
# to avoid any potential collisions.
set_mysql_pw_user="$1"
set_mysql_pw_pass="$2"
set_mysql_pw_passfile=`mktemp --tmpdir=/var/lib/mysql-files/`
chown mysql:mysql "$set_mysql_pw_passfile"
echo "USE mysql;" >> "$set_mysql_pw_passfile"
echo "UPDATE user SET authentication_string=PASSWORD('$set_mysql_pw_pass') WHERE user='$set_mysql_pw_user';" >> "$set_mysql_pw_passfile"
echo "FLUSH PRIVILEGES;" >> "$set_mysql_pw_passfile"
echo "SHUTDOWN;" >> "$set_mysql_pw_passfile"
run_init_sql "$set_mysql_pw_passfile"
rm "$set_mysql_pw_passfile"
}
# This is necessary because mysql_install_db removes the pid file in /var/run
# and because changed configuration options should take effect immediately.
# In case the server wasn't running at all it should be ok if the stop
# script fails. I can't tell at this point because of the cleaned /var/run.
set +e; invoke stop; set -e
case "$1" in
configure)
mysql_datadir=/usr/share/mysql
mysql_statedir=/var/lib/mysql
mysql_rundir=/var/run/mysqld
mysql_logdir=/var/log/mysql
mysql_cfgdir=/etc/mysql
mysql_upgradedir=/var/lib/mysql-upgrade
mysql_filesdir=/var/lib/mysql-files
mysql_keyringdir=/var/lib/mysql-keyring
# mysqld gets called during postinst configure, so any
# updates to the AppArmor profile must be loaded first (before the
# dh_apparmor snippet added by debhelper does it properly at the end of
# this script). Otherwise, mysqld cannot for example load
# /etc/mysql/mysqld.conf.d/ on upgrade from 5.5 to 5.6, which was added in
# 5.6 packaging but not present in the AppArmor profile shipped with 5.5
# packaging.
#
# This a workaround. Status is tracked at https://launchpad.net/bugs/1435368
if aa-status --enabled 2>/dev/null; then
# It is common for this to fail because
# /etc/apparmor.d/local/usr.sbin.mysqld doesn't exist (eg. on first
# install). But if this happens, then the workaround is not required,
# so it doesn't matter. If instead it causes a security issue, then
# that doesn't really matter here as dh_apparmor should handle that
# correctly later on.
apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.mysqld 2>/dev/null || true
fi
# New packaging paradigm for my.cnf as of Dec-2014 for sharing mysql
# variants in Ubuntu.
/usr/share/mysql-common/configure-symlinks install mysql "$mysql_cfgdir/mysql.cnf"
# Ensure the existence and right permissions for the database and
# log files.
for d in $mysql_statedir $mysql_filesdir $mysql_keyringdir $mysql_logdir
do
if [ ! -d "$d" -a ! -L "$d" ]; then mkdir "$d"; fi
chown -R mysql:mysql $d
chmod 0700 $d
done
# When creating an ext3 jounal on an already mounted filesystem like e.g.
# /var/lib/mysql, you get a .journal file that is not modifyable by chown.
# The mysql_datadir must not be writable by the mysql user under any
# circumstances as it contains scripts that are executed by root.
set +e
chown -R 0:0 $mysql_datadir
touch $mysql_logdir/error.log
chown -R mysql:adm $mysql_logdir
chmod 0750 $mysql_logdir
chmod 0640 $mysql_logdir/error.log
set -e
# This is important to avoid dataloss when there is a removed
# mysql-server version from Woody lying around which used the same
# data directory and then somewhen gets purged by the admin.
db_set mysql-server/postrm_remove_database false || true
## On every reconfiguration the maintenance user is recreated.
#
# - It is easier to regenerate the password every time but as people
# use fancy rsync scripts and file alteration monitors, the existing
# password is used and existing files not touched.
# - The echo is just for readability. ash's buildin has no "-e" so use /bin/echo.
# recreate the credentials file if not present or without mysql_upgrade stanza
dc=$mysql_cfgdir/debian.cnf;
if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then
pass="`sed -n 's/^[ ]*password *= *// p' $dc | head -n 1`"
# Basedir is deprecated. Remove the option if it's in an existing debian.cnf
sed -i '/basedir/d' "$dc"
else
pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
umask 066
cat /dev/null > $dc
umask 022
echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
echo "[client]" >>$dc
echo "host = localhost" >>$dc
echo "user = debian-sys-maint" >>$dc
echo "password = $pass" >>$dc
echo "socket = $mysql_rundir/mysqld.sock" >>$dc
echo "[mysql_upgrade]" >>$dc
echo "host = localhost" >>$dc
echo "user = debian-sys-maint" >>$dc
echo "password = $pass" >>$dc
echo "socket = $mysql_rundir/mysqld.sock" >>$dc
fi
# If this dir chmod go+w then the admin did it. But this file should not.
chown 0:0 $dc
chmod 0600 $dc
# Initiate database. Output is not allowed by debconf :-(
# If database doesn't exist we create it.
if [ ! "$(ls -A "${mysql_statedir}")" ] && [ -d "${mysql_filesdir}" ]; then
existingdatabase=0
initfile=`mktemp --tmpdir=/var/lib/mysql-files/`
touch "$initfile"
chmod 600 "$initfile"
chown mysql:mysql "$initfile"
echo "USE mysql; " >> "$initfile"
db_get mysql-server/root_password && rootpw="$RET"
if [ ! -z "$rootpw" ]; then
echo "ALTER USER 'root'@'localhost' IDENTIFIED BY '$rootpw';" >> "$initfile"
fi
echo "CREATE USER IF NOT EXISTS 'debian-sys-maint'@'localhost' IDENTIFIED BY '$pass';" >> "$initfile"
echo "GRANT ALL ON *.* TO 'debian-sys-maint'@'localhost' WITH GRANT OPTION;" >> "$initfile"
echo "SHUTDOWN;" >> "$initfile"
# mysqld returns an error instead of a warning if CREATE USER IF NOT
# EXISTS fails, so ignore errors as a workaround. See:
# http://bugs.mysql.com/bug.php?id=80636
mysqld --initialize-insecure --user=mysql --init-file="$initfile"> /dev/null 2>&1 || true
rm "$initfile"
else
existingdatabase=1
fi
# To avoid downgrades. This has to happen after the database is created, or --initialize will fail
touch $mysql_statedir/debian-5.7.flag
;;
abort-upgrade|abort-remove|abort-configure)
;;
*)
echo "postinst called with unknown argument '$1'" 1>&2
exit 1
;;
esac
# The debhelper section is needed to unmask and enable the service
# in some cases like when upgrading from 5.5
# Automatically added by dh_apparmor
if [ "$1" = "configure" ]; then
APP_PROFILE="/etc/apparmor.d/usr.sbin.mysqld"
if [ -f "$APP_PROFILE" ]; then
# Add the local/ include
LOCAL_APP_PROFILE="/etc/apparmor.d/local/usr.sbin.mysqld"
test -e "$LOCAL_APP_PROFILE" || {
tmp=`mktemp`
cat <<EOM > "$tmp"
# Site-specific additions and overrides for usr.sbin.mysqld.
# For more details, please see /etc/apparmor.d/local/README.
EOM
mkdir `dirname "$LOCAL_APP_PROFILE"` 2>/dev/null || true
mv -f "$tmp" "$LOCAL_APP_PROFILE"
chmod 644 "$LOCAL_APP_PROFILE"
}
# Reload the profile, including any abstraction updates
if aa-status --enabled 2>/dev/null; then
apparmor_parser -r -T -W "$APP_PROFILE" || true
fi
fi
fi
# End automatically added section
# Automatically added by dh_systemd_enable
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask mysql.service >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled mysql.service; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable mysql.service >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state mysql.service >/dev/null || true
fi
# End automatically added section
# Automatically added by dh_installinit
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ]; then
if [ -x "/etc/init.d/mysql" ]; then
update-rc.d mysql defaults 19 21 >/dev/null
fi
if [ -x "/etc/init.d/mysql" ] || [ -e "/etc/init/mysql.conf" ]; then
invoke-rc.d mysql start || exit $?
fi
fi
# End automatically added section
if [ "$1" = "configure" ]; then
# We want to run mysql_upgrade to cover users upgrading. First we check if
# the debian-sys-maint user can log in. If not, we reset its password first.
if [ $existingdatabase = 1 ]; then
if ! test_sysmaint_access; then
invoke stop
set_mysql_pw "debian-sys-maint" "$pass"
invoke start
fi
# mysql_upgrade returns exit status 2 if the database is already upgraded
# (LP: #1566406) so ignore its exit status if it is 2.
result=0
mysql_upgrade --defaults-file=/etc/mysql/debian.cnf || result=$?
if [ $result -ne 0 -a $result -ne 2 ]; then
echo "mysql_upgrade failed with exit status $result" >&2
exit 1
fi
fi
# Here we check to see if we can connect as root without a password
# this should catch upgrades from previous versions where the root
# password wasn't set. If the connection succeeds we install the
# auth_socket plugin and enable it for the root user to improve
# security.
if test_mysql_access; then
db_get mysql-server/root_password && rootpw="$RET"
if [ ! -z "$rootpw" ]; then
invoke stop
initfile=`mktemp --tmpdir=/var/lib/mysql-files/`
chown mysql:mysql "$initfile"
echo "ALTER USER 'root'@'localhost' IDENTIFIED WITH 'mysql_native_password' BY '$rootpw';" >> "$initfile"
echo "SHUTDOWN;" >> "$initfile"
invoke stop
run_init_sql "$initfile"
rm "$initfile"
invoke start
else
# Try to install auth_socket plugin. This throws an error if the plugin is
# already installed, which would end execution of the init sql to stop if
# --init-file was used. Bug: http://bugs.mysql.com/bug.php?id=80642
pluginfile=`mktemp --tmpdir=/var/lib/mysql-files/`
echo "INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';" >> "$pluginfile"
mysql --no-defaults -uroot < "$pluginfile" > /dev/null 2>&1 || true
rm "$pluginfile"
invoke stop
initfile=`mktemp --tmpdir=/var/lib/mysql-files/`
chown mysql:mysql "$initfile"
# If there is no root password set we enable the auth_socket plugin for the root user
echo "USE mysql;" >> "$initfile"
echo "ALTER USER 'root'@'localhost' IDENTIFIED WITH 'auth_socket';" >> "$initfile"
# Bug: http://bugs.mysql.com/bug.php?id=80632
echo "UPDATE user SET password_expired='N', account_locked='N' WHERE user='root';" >> "$initfile"
echo "FLUSH PRIVILEGES;" >> "$initfile"
echo "SHUTDOWN;" >> "$initfile"
# The INSTALL PLUGIN line will throw an error if the plugin is already installed
run_init_sql "$initfile"
rm "$initfile"
invoke start
fi
fi
fi
# forget we ever saw the password. don't use reset to keep the seen status
db_set mysql-server/root_password ""
db_set mysql-server/root_password_again ""
db_stop # in case invoke failes
exit 0
|