Accepting request 499775 from home:favogt:branches:server:database

- Add mariadb-10.1.22-xtradb_null_checks.patch (boo#1041525) (See also https://jira.mariadb.org/browse/MDEV-12358) - switch from '/var/run' to '/run' as /var/run is just a symlink to /run - fix permissions for /var/run/mysql that were wrongly set to 700 instead of 755 due to added umask. This prevented non-root from connecting to the database [bsc#1038740] - change permissions of the configuration dir/files to 755/644. Please note that storing the password in the /etc/my.cnf file is not safe. Use for example an option file that is accessible only by yourself [bsc#889126] - set the default umask to 077 in mysql-systemd-helper [bsc#1020976] OBS-URL: https://build.opensuse.org/request/show/499775 OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=191
2017-05-30 14:00:01 +00:00
parent 407577a0ad
commit cc8871cde2
8 changed files with 45 additions and 21 deletions
--- a/21
+++ b/21
@@ -12,10 +12,10 @@ read_config() {
 	mysql_daemon_group=mysql
 	if [[ -z "$INSTANCE" ]]; then
 		datadir=/var/lib/mysql
-		socket="/var/run/mysql/mysql.sock"
+		socket="/run/mysql/mysql.sock"
 	else
 		datadir="/var/lib/mysql-$INSTANCE"
-		socket="/var/run/mysql/mysql.${INSTANCE}.sock"
+		socket="/run/mysql/mysql.${INSTANCE}.sock"
 	fi

 	# Read options - important for multi setup
@@ -75,7 +75,7 @@ mysql_upgrade() {
 		echo "Trying to run upgrade of MySQL databases..."

 		# Check whether upgrade process is not already running
-		protected="$(cat "/var/run/mysql/protecteddir.$INSTANCE" 2> /dev/null)"
+		protected="$(cat "/run/mysql/protecteddir.$INSTANCE" 2> /dev/null)"
 		if [[ -n "$protected" && -d "$protected" ]]; then
 			pid="$(cat "$protected/mysqld.pid" 2> /dev/null)"
 			if [[ "$pid" && -d "/proc/$pid" ]] &&
@@ -84,10 +84,10 @@ mysql_upgrade() {
 			else
 				echo "Stale files from previous upgrade detected, cleaned them up"
 				rm -rf "$protected"
-				rm -f "/var/run/mysql/protecteddir.$INSTANCE"
+				rm -f "/run/mysql/protecteddir.$INSTANCE"
 			fi
 		fi
-		protected="$(mktemp -d -p /var/tmp mysql-protected.XXXXXX | tee "/var/run/mysql/protecteddir.$INSTANCE")"
+		protected="$(mktemp -d -p /var/tmp mysql-protected.XXXXXX | tee "/run/mysql/protecteddir.$INSTANCE")"
 		[ -n "$protected" ] || die "Can't create a tmp dir '$protected'"

 		# Create a secure tmp dir
@@ -134,7 +134,7 @@ mysql_upgrade() {
 		# Cleanup
 		echo "Final cleanup"
 		if [[ -z "$up_ok" ]]; then
-			rm -rf "$protected" "/var/run/mysql/protecteddir.$INSTANCE"
+			rm -rf "$protected" "/run/mysql/protecteddir.$INSTANCE"
 		else 
 			die "Something failed during upgrade, please check logs"
 		fi
@@ -167,10 +167,15 @@ mysql_start() {
 # We rely on output in english at some points
 LC_ALL=C

+# set the default umask bsc#1020976
+umask 077
+
 INSTANCE="$2"
 read_config
-mkdir -p /var/run/mysql
-chown --no-dereference "$mysql_daemon_user:$mysql_daemon_group" /var/run/mysql
+mkdir -p /run/mysql
+# fix permissions for /run/mysql (bsc#1038740)
+chmod 755 /run/mysql
+chown --no-dereference "$mysql_daemon_user:$mysql_daemon_group" /run/mysql
 case "$1" in
 	install)
 		mysql_install ;;