SHA256
1
0
forked from pool/mariadb

Accepting request 499775 from home:favogt:branches:server:database

- Add mariadb-10.1.22-xtradb_null_checks.patch (boo#1041525)
  (See also https://jira.mariadb.org/browse/MDEV-12358)
- switch from '/var/run' to '/run' as /var/run is just a symlink to /run
- fix permissions for /var/run/mysql that were wrongly set to
  700 instead of 755 due to added umask. This prevented non-root
  from connecting to the database [bsc#1038740]
- change permissions of the configuration dir/files to 755/644.
  Please note that storing the password in the /etc/my.cnf file is
  not safe. Use for example an option file that is accessible only
  by yourself [bsc#889126]
- set the default umask to 077 in mysql-systemd-helper [bsc#1020976]

OBS-URL: https://build.opensuse.org/request/show/499775
OBS-URL: https://build.opensuse.org/package/show/server:database/mariadb?expand=0&rev=191
This commit is contained in:
Dominique Leuenberger 2017-05-30 14:00:01 +00:00 committed by Git OBS Bridge
parent 407577a0ad
commit cc8871cde2
8 changed files with 45 additions and 21 deletions

View File

@ -35,7 +35,7 @@ made some manual adjustments to your /etc/my.cnf, try to merge this file with
File locations changes: File locations changes:
- MySQL socket file and pid file were moved from /var/lib/mysql to more - MySQL socket file and pid file were moved from /var/lib/mysql to more
reasonable location ( /var/run/mysql ) by default. reasonable location ( /run/mysql ) by default.
- MySQL log files are in /var/log/mysql. - MySQL log files are in /var/log/mysql.
3) BerkeleyDB: 3) BerkeleyDB:

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:182f496096993eaebf7d94ee7f897c091def2d12f96235b6a8d1b4c65246e7f0 oid sha256:851e21785b81a17512093dbfac98c8d10752bc571e7e57b5b44dc7db0aa6d52a
size 568 size 564

View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Tue May 30 13:12:47 UTC 2017 - fvogt@suse.com
- Add mariadb-10.1.22-xtradb_null_checks.patch (boo#1041525)
(See also https://jira.mariadb.org/browse/MDEV-12358)
- switch from '/var/run' to '/run' as /var/run is just a symlink to /run
- fix permissions for /var/run/mysql that were wrongly set to
700 instead of 755 due to added umask. This prevented non-root
from connecting to the database [bsc#1038740]
- change permissions of the configuration dir/files to 755/644.
Please note that storing the password in the /etc/my.cnf file is
not safe. Use for example an option file that is accessible only
by yourself [bsc#889126]
- set the default umask to 077 in mysql-systemd-helper [bsc#1020976]
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 11 13:35:46 UTC 2017 - kstreitova@suse.com Tue Apr 11 13:35:46 UTC 2017 - kstreitova@suse.com

View File

@ -544,7 +544,7 @@ for i in "${DOCS[@]}"; do
install -m 644 "${i}" "${DOCDIR}" || true install -m 644 "${i}" "${DOCDIR}" || true
done done
# Default configuration file # Default configuration file
install -m 660 %{SOURCE14} %{buildroot}%{_sysconfdir}/my.cnf install -m 664 %{SOURCE14} %{buildroot}%{_sysconfdir}/my.cnf
# Systemd/initscript # Systemd/initscript
install -D -m 755 %{_sourcedir}/mysql-systemd-helper '%{buildroot}'%{_libexecdir}/mysql/mysql-systemd-helper install -D -m 755 %{_sourcedir}/mysql-systemd-helper '%{buildroot}'%{_libexecdir}/mysql/mysql-systemd-helper
@ -744,9 +744,9 @@ rm -f %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}
%files -f mysql.files %files -f mysql.files
%defattr(-, root, root) %defattr(-, root, root)
%config(noreplace) %attr(0640, root, mysql) %{_sysconfdir}/my.cnf %config(noreplace) %attr(0644, root, mysql) %{_sysconfdir}/my.cnf
%dir %attr(0750, root, mysql) %{_sysconfdir}/my.cnf.d %dir %attr(0755, root, mysql) %{_sysconfdir}/my.cnf.d
%config(noreplace) %attr(0640, root, mysql) %{_sysconfdir}/my.cnf.d/* %config(noreplace) %attr(0644, root, mysql) %{_sysconfdir}/my.cnf.d/*
%config %{_sysconfdir}/logrotate.d/%{name} %config %{_sysconfdir}/logrotate.d/%{name}
%doc %{_defaultdocdir}/%{name} %doc %{_defaultdocdir}/%{name}
%dir %{_libexecdir}/mysql %dir %{_libexecdir}/mysql

9
my.ini
View File

@ -2,11 +2,14 @@
# It is based on upstream defaults with some additional examples. # It is based on upstream defaults with some additional examples.
# The following options will be passed to all MariaDB clients # The following options will be passed to all MySQL/MariaDB clients
[client] [client]
# Please note that storing the password in this file is not safe. For this
# purpose you can, for example, list your password in the [client] section
# of the '~/.my.cnf' configuration file with an access mode set to 400 or 600.
# password = your_password # password = your_password
# port = 3306 # port = 3306
# socket = /var/run/mysql/mysql.sock # socket = /run/mysql/mysql.sock
[mysqld] [mysqld]
@ -38,7 +41,7 @@ server-id = 1
# These are commonly set, remove the # and set as required. # These are commonly set, remove the # and set as required.
# port = 3306 # port = 3306
# socket = /var/run/mysql/mysql.sock # socket = /run/mysql/mysql.sock
# Don't listen on a TCP/IP port at all. This can be a security enhancement, # Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host. # if all processes that need to connect to mysqld run on the same host.

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:0019be3884b882b55fedae019233490e90c51f6906f1d8181b55ed43d46bad51 oid sha256:cc0841d11b85109131ed973648058f6a254224c0aa4b06f61a475cb226719d7b
size 11952 size 12112

View File

@ -12,10 +12,10 @@ read_config() {
mysql_daemon_group=mysql mysql_daemon_group=mysql
if [[ -z "$INSTANCE" ]]; then if [[ -z "$INSTANCE" ]]; then
datadir=/var/lib/mysql datadir=/var/lib/mysql
socket="/var/run/mysql/mysql.sock" socket="/run/mysql/mysql.sock"
else else
datadir="/var/lib/mysql-$INSTANCE" datadir="/var/lib/mysql-$INSTANCE"
socket="/var/run/mysql/mysql.${INSTANCE}.sock" socket="/run/mysql/mysql.${INSTANCE}.sock"
fi fi
# Read options - important for multi setup # Read options - important for multi setup
@ -75,7 +75,7 @@ mysql_upgrade() {
echo "Trying to run upgrade of MySQL databases..." echo "Trying to run upgrade of MySQL databases..."
# Check whether upgrade process is not already running # Check whether upgrade process is not already running
protected="$(cat "/var/run/mysql/protecteddir.$INSTANCE" 2> /dev/null)" protected="$(cat "/run/mysql/protecteddir.$INSTANCE" 2> /dev/null)"
if [[ -n "$protected" && -d "$protected" ]]; then if [[ -n "$protected" && -d "$protected" ]]; then
pid="$(cat "$protected/mysqld.pid" 2> /dev/null)" pid="$(cat "$protected/mysqld.pid" 2> /dev/null)"
if [[ "$pid" && -d "/proc/$pid" ]] && if [[ "$pid" && -d "/proc/$pid" ]] &&
@ -84,10 +84,10 @@ mysql_upgrade() {
else else
echo "Stale files from previous upgrade detected, cleaned them up" echo "Stale files from previous upgrade detected, cleaned them up"
rm -rf "$protected" rm -rf "$protected"
rm -f "/var/run/mysql/protecteddir.$INSTANCE" rm -f "/run/mysql/protecteddir.$INSTANCE"
fi fi
fi fi
protected="$(mktemp -d -p /var/tmp mysql-protected.XXXXXX | tee "/var/run/mysql/protecteddir.$INSTANCE")" protected="$(mktemp -d -p /var/tmp mysql-protected.XXXXXX | tee "/run/mysql/protecteddir.$INSTANCE")"
[ -n "$protected" ] || die "Can't create a tmp dir '$protected'" [ -n "$protected" ] || die "Can't create a tmp dir '$protected'"
# Create a secure tmp dir # Create a secure tmp dir
@ -134,7 +134,7 @@ mysql_upgrade() {
# Cleanup # Cleanup
echo "Final cleanup" echo "Final cleanup"
if [[ -z "$up_ok" ]]; then if [[ -z "$up_ok" ]]; then
rm -rf "$protected" "/var/run/mysql/protecteddir.$INSTANCE" rm -rf "$protected" "/run/mysql/protecteddir.$INSTANCE"
else else
die "Something failed during upgrade, please check logs" die "Something failed during upgrade, please check logs"
fi fi
@ -167,10 +167,15 @@ mysql_start() {
# We rely on output in english at some points # We rely on output in english at some points
LC_ALL=C LC_ALL=C
# set the default umask bsc#1020976
umask 077
INSTANCE="$2" INSTANCE="$2"
read_config read_config
mkdir -p /var/run/mysql mkdir -p /run/mysql
chown --no-dereference "$mysql_daemon_user:$mysql_daemon_group" /var/run/mysql # fix permissions for /run/mysql (bsc#1038740)
chmod 755 /run/mysql
chown --no-dereference "$mysql_daemon_user:$mysql_daemon_group" /run/mysql
case "$1" in case "$1" in
install) install)
mysql_install ;; mysql_install ;;

1
series
View File

@ -10,3 +10,4 @@ mariadb-10.0.15-logrotate-su.patch
mariadb-10.1.12-fortify-and-O.patch mariadb-10.1.12-fortify-and-O.patch
mariadb-10.1.16-systemd-cmake.patch mariadb-10.1.16-systemd-cmake.patch
mariadb-10.1.18-mysql_install_db-mariadb_dirs.patch mariadb-10.1.18-mysql_install_db-mariadb_dirs.patch
mariadb-10.1.22-xtradb_null_checks.patch