[Commits] 002672f: MDEV-9080 - Debian: incorrect empty password check in postinst

Sergey Vojtovich svoj at mariadb.org
Wed Nov 4 18:22:02 EET 2015


revision-id: 002672f3d631be1110e12bafbca1ea052646753f (mariadb-10.1.8-24-g002672f)
parent(s): 01bd3737777f8f0cf2e1737d01a48033a7615b2a
committer: Sergey Vojtovich
timestamp: 2015-11-04 20:13:15 +0400
message:

MDEV-9080 - Debian: incorrect empty password check in postinst

There was code that was supposed to "catch upgrades from previous versions where
the root password wasn't set". But it is wrong in many regards:
- it is supposed to be executed against running server, but at this point server
  should be down, which makes this code no-op
- if the above is fixed, root password will be requested twice (initial root
  password request + this one)
- it asks for a password only once, while "initial root password request" asks
  twice (password + password verification)
- it may give false positive if unix socket based authentication is in effect

Removed this code since it didn't work for quite a while (at least since
mysql-5.1) and nobody cared about it.

---
 debian/mariadb-server-10.1.postinst | 38 +++++++++----------------------------
 1 file changed, 9 insertions(+), 29 deletions(-)

diff --git a/debian/mariadb-server-10.1.postinst b/debian/mariadb-server-10.1.postinst
index c7373d0..78e32a57 100644
--- a/debian/mariadb-server-10.1.postinst
+++ b/debian/mariadb-server-10.1.postinst
@@ -208,7 +208,8 @@ EOF
 
     db_get mysql-server/root_password && rootpw="$RET"
     if ! set_mysql_rootpw; then
-        password_error="yes"
+      db_input high mysql-server/error_setting_password || true
+      db_go
     fi
 
     set +e
@@ -229,6 +230,13 @@ EOF
             echo "/usr/sbin/mysqld { }" | apparmor_parser --remove 2>/dev/null || true
 	fi
     fi
+
+    # copy out any mysqld_safe settings
+    systemd_conf=/etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
+    if [ -x /usr/bin/mariadb-service-convert -a ! -f "${systemd_conf}" ]; then
+      mkdir -p /etc/systemd/system/mariadb.service.d
+      /usr/bin/mariadb-service-convert > "${systemd_conf}"
+    fi
   ;;
 
   abort-upgrade|abort-remove|abort-configure)
@@ -240,34 +248,6 @@ EOF
   ;;
 esac
 
-# here we check to see if we can connect as root without a password
-# this should catch upgrades from previous versions where the root
-# password wasn't set.  if there is a password, or if the connection
-# fails for any other reason, nothing happens.
-if [ "$1" = "configure" ]; then
-       if test_mysql_access; then
-               db_input medium mysql-server/root_password || true
-               db_go
-               db_get mysql-server/root_password && rootpw="$RET"
-
-               if ! set_mysql_rootpw "online"; then
-                       password_error="yes"
-               fi
-       fi
-
-       if [ "$password_error" = "yes" ]; then
-               db_input high mysql-server/error_setting_password || true
-               db_go
-       fi
-
-       # copy out any mysqld_safe settings
-       systemd_conf=/etc/systemd/system/mariadb.service.d/migrated-from-my.cnf-settings.conf
-       if [ -x /usr/bin/mariadb-service-convert  -a ! -f "${systemd_conf}" ]; then
-              mkdir -p /etc/systemd/system/mariadb.service.d
-              /usr/bin/mariadb-service-convert > "${systemd_conf}"
-       fi
-fi
-
 db_stop # in case invoke failes
 
 # dh_systemd_start doesn't emit anything since we still ship /etc/init.d/mysql.


More information about the commits mailing list