postinst is in mysql-server-5.7 5.7.21-1ubuntu1.
This file is a maintainer script. It is executed when installing (*inst) or removing (*rm) the package.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 | #!/bin/bash
set -e
. /usr/share/debconf/confmodule
if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2 }
export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin
# This command can be used as pipe to syslog. With "-s" it also logs to stderr.
ERR_LOGGER="logger -p daemon.err -t mysqld_safe -i"
# Start the server with networking disabled and socket in a temporary location
# Usage: start_server <datadir> <tmpdir> <skip_grant>
# Params:
# datadir - Location of database files
# tmpdir - Used to store temporary pid and socket files
# skip_grant - If set, the server will be started with --skip-grant-tables
start_server() {
local datadir=$1
local tmpdir=$2
local skip_grant=$3
# If a database is already running, mysqld will keep trying to lock the files for ~100 seconds before failing.
# If the ibdata1 file is locked we fail immediately
if fuser "$datadir/ibdata1"; then
echo "ERROR: Database files are locked. Daemon already running?" >&2
return 1
fi
# The --daemonize flag makes the process fork, with the original exiting once the database is ready for use
if [ ! -z "$skip_grant" ]; then
mysqld --user=mysql --daemonize --socket="$tmpdir/mysqld.sock" --pid-file="$tmpdir/mysqld.pid" --skip-networking --skip-grant-tables
else
mysqld --user=mysql --daemonize --socket="$tmpdir/mysqld.sock" --pid-file="$tmpdir/mysqld.pid" --skip-networking
fi
}
# Shut down the server by sending a kill signal to the process
# Usage: stop_server <tmpdir>
# Params:
# tmpdir - Location of temporary pid-file
stop_server(){
local tmpdir=$1
# Send kill signal
server_pid=$(cat "$tmpdir/mysqld.pid")
kill "$server_pid"
for i in $(seq 1 60); do
sleep 0.1 # A full second is too long, but we need to give the server _some_ time.
if ! $(ps $server_pid >/dev/null 2>&1); then
return 0
fi
sleep 1
done
# The server hasn't shut down in a timely manner
echo "Error: Unable to shut down server with process id $server_pid" >&2
return 1
}
# Runs an arbitrary init sql file supplied in $1. Does not require login access
run_init_sql() {
tmpdir=`mktemp -d`
chown mysql:mysql "$tmpdir"
mysqld --user=mysql --init-file="$1" --socket="$tmpdir/mysqld.sock" --pid-file="$tmpdir/mysqld.pid" > /dev/null 2>&1
result=$?
rm -rf "$tmpdir"
return $result
}
# To avoid having hardcoded paths in the script, we do a search on the path, as suggested at:
# https://www.debian.org/doc/manuals/developers-reference/ch06.en.html#bpp-debian-maint-scripts
pathfind() {
OLDIFS="$IFS"
IFS=:
for p in $PATH; do
if [ -x "$p/$*" ]; then
IFS="$OLDIFS"
return 0
fi
done
IFS="$OLDIFS"
return 1
}
invoke() {
if pathfind invoke-rc.d; then
invoke-rc.d mysql $1
else
/etc/init.d/mysql $1
fi
}
# Check if server is able to start. If it fails we abort early and refer
# the user to a wiki page with solutions for common configuration problems.
test_mysqld_startup() {
# mysqld --verbose --help will output a full listing of settings and plugins.
# To do so it needs to initialize the database, so it can be used as a test
# for whether or not the server can start. We redirect stdout to /dev/null so
# only the error messages are left.
result=0
output=$(mysqld --verbose --help --innodb-read-only 2>&1 > /dev/null) || result=$?
if [ ! "$result" = "0" ]; then
echo "ERROR: Unable to start MySQL server:" >&2
echo "$output" >&2
echo "Please take a look at https://wiki.debian.org/Teams/MySQL/FAQ for tips on fixing common upgrade issues." >&2
echo "Once the problem is resolved, run apt-get --fix-broken install to retry." >&2
fi
return $result
}
# Default config in 5.5 and older 5.6 installations contains two deprecated
# options that were removed in 5.7. They were renamed, so we can fix this
# automatically. We create a backup of the old file
fix_old_config_options() {
[ -f /etc/mysql/my.cnf.migrated ] || return 0
sed -e 's/[[:space:]]*key_buffer[[:space:]]*=/# Obsolete key_buffer option renamed to key_buffer_size by maintainer script\nkey_buffer_size\t\t=/' \
-e 's/[[:space:]]*myisam-recover[[:space:]]*=/# Obsolete myisam-recover option renamed to myisam_recover_options by maintainer script\nmyisam_recover_options\t=/' /etc/mysql/my.cnf.migrated --in-place=.bak
# If nothing was changed, remove the new file
if cmp -s /etc/mysql/my.cnf.migrated /etc/mysql/my.cnf.migrated.bak; then
mv /etc/mysql/my.cnf.migrated.bak /etc/mysql/my.cnf.migrated
fi
}
# Check if there is passwordless root login
# Usage: test_mysql_access <tmpdir>
# Params:
# tmpdir - Location of mysqld.sock file
test_mysql_access() {
local tmpdir=$1
mysql --no-defaults -u root --socket="$tmpdir/mysqld.sock" </dev/null >/dev/null 2>&1
}
this_version=5.7
# This is necessary because mysql_install_db removes the pid file in /var/run
# and because changed configuration options should take effect immediately.
# In case the server wasn't running at all it should be ok if the stop
# script fails. I can't tell at this point because of the cleaned /var/run.
set +e; invoke stop; set -e
case "$1" in
configure)
# INSERT ANY VERSIONED UPGRADE PATH HANDLING HERE AND NO LATER
# Versioned upgrade path handling must be done before freeze mode detection;
# otherwise the following freeze mode handling may cause upgrade path
# handling to be skipped over multiple version upgrades, meaning that the
# upgrade path handling never runs on some systems where freeze mode
# remains active for a long period.
if [ -e /etc/mysql/FROZEN -o -h /etc/mysql/FROZEN ]; then
db_input critical mysql-server-$this_version/installation_freeze_mode_active || true
db_go
db_stop
echo "Packaging maintenance of MySQL will stop and the daemon disabled to prevent damage to your system." 1>&2
echo "For help, see /etc/mysql/FROZEN" 1>&2
exit 0
fi
mysql_datadir=/usr/share/mysql
mysql_statedir=/var/lib/mysql
mysql_rundir=/var/run/mysqld
mysql_logdir=/var/log/mysql
mysql_cfgdir=/etc/mysql
mysql_upgradedir=/var/lib/mysql-upgrade
mysql_filesdir=/var/lib/mysql-files
mysql_keyringdir=/var/lib/mysql-keyring
# mysqld gets called during postinst configure, so any
# updates to the AppArmor profile must be loaded first (before the
# dh_apparmor snippet added by debhelper does it properly at the end of
# this script). Otherwise, mysqld cannot for example load
# /etc/mysql/mysqld.conf.d/ on upgrade from 5.5 to 5.6, which was added in
# 5.6 packaging but not present in the AppArmor profile shipped with 5.5
# packaging.
#
# This a workaround. Status is tracked at https://launchpad.net/bugs/1435368
if aa-status --enabled 2>/dev/null; then
# It is common for this to fail because
# /etc/apparmor.d/local/usr.sbin.mysqld doesn't exist (eg. on first
# install). But if this happens, then the workaround is not required,
# so it doesn't matter. If instead it causes a security issue, then
# that doesn't really matter here as dh_apparmor should handle that
# correctly later on.
apparmor_parser -r -T -W /etc/apparmor.d/usr.sbin.mysqld 2>/dev/null || true
fi
# New packaging paradigm for my.cnf as of Dec-2014 for sharing mysql
# variants in Ubuntu.
/usr/share/mysql-common/configure-symlinks install mysql "$mysql_cfgdir/mysql.cnf"
# Ensure the existence and right permissions for the database and
# log files.
for d in $mysql_statedir $mysql_filesdir $mysql_keyringdir $mysql_logdir
do
if [ ! -d "$d" -a ! -L "$d" ]; then mkdir "$d"; fi
chown -R mysql:mysql $d
chmod 0700 $d
done
# When creating an ext3 jounal on an already mounted filesystem like e.g.
# /var/lib/mysql, you get a .journal file that is not modifyable by chown.
# The mysql_datadir must not be writable by the mysql user under any
# circumstances as it contains scripts that are executed by root.
set +e
chown -R 0:0 $mysql_datadir
touch $mysql_logdir/error.log
chown -R mysql:adm $mysql_logdir
chmod 0750 $mysql_logdir
chmod 0640 $mysql_logdir/error.log
set -e
# This is important to avoid dataloss when there is a removed
# mysql-server version from Woody lying around which used the same
# data directory and then somewhen gets purged by the admin.
db_set mysql-server/postrm_remove_database false || true
# Fix old options that were deprecated in 5.5 and removed in 5.7
if dpkg --compare-versions "$2" le "5.7.13-0ubuntu3~"; then
echo "Renaming removed key_buffer and myisam-recover options (if present)"
fix_old_config_options
fi
# Sanity check to make sure the server can start
test_mysqld_startup
## On every reconfiguration the maintenance user is recreated.
#
# - It is easier to regenerate the password every time but as people
# use fancy rsync scripts and file alteration monitors, the existing
# password is used and existing files not touched.
# - The echo is just for readability. ash's buildin has no "-e" so use /bin/echo.
# recreate the credentials file if not present or without mysql_upgrade stanza
dc=$mysql_cfgdir/debian.cnf;
if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then
pass="`sed -n 's/^[ ]*password *= *// p' $dc | head -n 1`"
# Basedir is deprecated. Remove the option if it's in an existing debian.cnf
sed -i '/basedir/d' "$dc"
else
pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
umask 066
cat /dev/null > $dc
umask 022
echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
echo "[client]" >>$dc
echo "host = localhost" >>$dc
echo "user = debian-sys-maint" >>$dc
echo "password = $pass" >>$dc
echo "socket = $mysql_rundir/mysqld.sock" >>$dc
echo "[mysql_upgrade]" >>$dc
echo "host = localhost" >>$dc
echo "user = debian-sys-maint" >>$dc
echo "password = $pass" >>$dc
echo "socket = $mysql_rundir/mysqld.sock" >>$dc
fi
# If this dir chmod go+w then the admin did it. But this file should not.
chown 0:0 $dc
chmod 0600 $dc
# Initiate database. Output is not allowed by debconf :-(
# If database doesn't exist we create it.
if [ ! "$(ls -A "${mysql_statedir}")" ] && [ -d "${mysql_filesdir}" ]; then
existingdatabase=0
initfile=`mktemp --tmpdir=/var/lib/mysql-files/`
touch "$initfile"
chmod 600 "$initfile"
chown mysql:mysql "$initfile"
echo "USE mysql; " >> "$initfile"
db_get mysql-server/root_password && rootpw="$RET"
if [ ! -z "$rootpw" ]; then
rootpw=$(printf %q "${rootpw}")
echo "ALTER USER 'root'@'localhost' IDENTIFIED BY '$rootpw';" >> "$initfile"
fi
echo "CREATE USER IF NOT EXISTS 'debian-sys-maint'@'localhost' IDENTIFIED BY '$pass';" >> "$initfile"
echo "GRANT ALL ON *.* TO 'debian-sys-maint'@'localhost' WITH GRANT OPTION;" >> "$initfile"
echo "SHUTDOWN;" >> "$initfile"
# mysqld returns an error instead of a warning if CREATE USER IF NOT
# EXISTS fails, so ignore errors as a workaround. See:
# http://bugs.mysql.com/bug.php?id=80636
mysqld --initialize-insecure --user=mysql --init-file="$initfile"> /dev/null 2>&1 || true
rm "$initfile"
else
existingdatabase=1
fi
# To avoid downgrades. This has to happen after the database is created, or --initialize will fail
touch $mysql_statedir/debian-5.7.flag
;;
abort-upgrade|abort-remove|abort-configure)
;;
*)
echo "postinst called with unknown argument '$1'" 1>&2
exit 1
;;
esac
if [ "$1" = "configure" ]; then
# We want to run mysql_upgrade to cover users upgrading. Since
# mysql_upgrade is a client and we don't know the root credentials,
# we run the server in skip_grant mode to allow it access.
if [ $existingdatabase = 1 ]; then
# Generate a tmpdir to store socket and pid files
tmpdir=$(mktemp -d)
chown mysql:mysql "$tmpdir"
mysql_statedir=/var/lib/mysql
result=0
start_server "$mysql_statedir" "$tmpdir" "skip_grant" || result=$?
# If the server fails to start, then skip the various client operations
if [ $result -ne 0 ]; then
echo "Warning: Unable to start the server. Please restart MySQL and run mysql_upgrade to ensure the database is ready for use." >&2
else
# mysql_upgrade returns exit status 2 if the database is already upgraded
# (LP: #1566406) so ignore its exit status if it is 2.
result=0
mysql_upgrade --no-defaults --socket="$tmpdir/mysqld.sock" || result=$?
if [ $result -ne 0 -a $result -ne 2 ]; then
echo "mysql_upgrade failed with exit status $result" >&2
stop_server "$tmpdir"
rm -rf "$tmpdir"
exit 1
fi
# Stop the server
stop_server "$tmpdir"
fi
rm -rf "$tmpdir"
fi
# Here we check to see if we can connect as root without a password
# this should catch upgrades from previous versions where the root
# password wasn't set. If the connection succeeds we install the
# auth_socket plugin and enable it for the root user to improve
# security.
tmpdir=$(mktemp -d)
chown mysql:mysql "$tmpdir"
mysql_statedir=/var/lib/mysql
result=0
start_server "$mysql_statedir" "$tmpdir" || result=$?
if [ $result -ne 0 ]; then
echo "Warning: Unable to start the server." >&2
elif test_mysql_access "$tmpdir"; then
db_get mysql-server/root_password && rootpw="$RET"
if [ ! -z "$rootpw" ]; then
stop_server "$tmpdir"
rootpw=$(printf %q "${rootpw}")
initfile=`mktemp --tmpdir=/var/lib/mysql-files/`
chown mysql:mysql "$initfile"
echo "ALTER USER 'root'@'localhost' IDENTIFIED WITH 'mysql_native_password' BY '$rootpw';" >> "$initfile"
echo "SHUTDOWN;" >> "$initfile"
run_init_sql "$initfile"
rm "$initfile"
else
# Try to install auth_socket plugin. This throws an error if the plugin is
# already installed, which would end execution of the init sql to stop if
# --init-file was used. Bug: http://bugs.mysql.com/bug.php?id=80642
pluginfile=`mktemp --tmpdir=/var/lib/mysql-files/`
echo "INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';" >> "$pluginfile"
mysql --no-defaults --socket="$tmpdir/mysqld.sock" -uroot < "$pluginfile" > /dev/null 2>&1 || true
rm "$pluginfile"
stop_server "$tmpdir"
initfile=`mktemp --tmpdir=/var/lib/mysql-files/`
chown mysql:mysql "$initfile"
# If there is no root password set we enable the auth_socket plugin for the root user
echo "USE mysql;" >> "$initfile"
echo "ALTER USER 'root'@'localhost' IDENTIFIED WITH 'auth_socket';" >> "$initfile"
echo "SHUTDOWN;" >> "$initfile"
# The INSTALL PLUGIN line will throw an error if the plugin is already installed
run_init_sql "$initfile"
rm "$initfile"
fi
else
stop_server "$tmpdir"
fi
rm -rf "$tmpdir"
fi
# forget we ever saw the password. don't use reset to keep the seen status
db_set mysql-server/root_password ""
db_set mysql-server/root_password_again ""
db_stop # in case invoke failes
# Automatically added by dh_apparmor/UNDECLARED
aa_is_enabled() {
if command aa-enabled >/dev/null 2>&1; then
# apparmor >= 2.10.95-2
aa-enabled --quiet 2>/dev/null
else
# apparmor << 2.10.95-2
# (This should be removed once Debian Stretch and Ubuntu 18.04 are out.)
rc=0
aa-status --enabled 2>/dev/null || rc=$?
[ "$rc" = 0 ] || [ "$rc" = 2 ]
fi
}
if [ "$1" = "configure" ]; then
APP_PROFILE="/etc/apparmor.d/usr.sbin.mysqld"
if [ -f "$APP_PROFILE" ]; then
# Add the local/ include
LOCAL_APP_PROFILE="/etc/apparmor.d/local/usr.sbin.mysqld"
test -e "$LOCAL_APP_PROFILE" || {
tmp=`mktemp`
cat <<EOM > "$tmp"
# Site-specific additions and overrides for usr.sbin.mysqld.
# For more details, please see /etc/apparmor.d/local/README.
EOM
mkdir `dirname "$LOCAL_APP_PROFILE"` 2>/dev/null || true
mv -f "$tmp" "$LOCAL_APP_PROFILE"
chmod 644 "$LOCAL_APP_PROFILE"
}
# Reload the profile, including any abstraction updates
if aa_is_enabled; then
apparmor_parser -r -T -W "$APP_PROFILE" || true
fi
fi
fi
# End automatically added section
# Automatically added by dh_systemd_enable/11.1.4ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask 'mysql.service' >/dev/null || true
# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled 'mysql.service'; then
# Enables the unit on first installation, creates new
# symlinks on upgrades if the unit file has changed.
deb-systemd-helper enable 'mysql.service' >/dev/null || true
else
# Update the statefile to add new symlinks (if any), which need to be
# cleaned up on purge. Also remove old symlinks.
deb-systemd-helper update-state 'mysql.service' >/dev/null || true
fi
fi
# End automatically added section
# Automatically added by dh_installinit/11.1.4ubuntu1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
if [ -x "/etc/init.d/mysql" ]; then
update-rc.d mysql defaults 19 21 >/dev/null
invoke-rc.d mysql start || exit 1
fi
fi
# End automatically added section
exit 0
|