commit: 3007cfdf814727b90978e91991c0ad26f2ad4a74 |
Author: Brian Evans <grknight <AT> gentoo <DOT> org> |
AuthorDate: Wed Nov 15 14:26:59 2017 +0000 |
Commit: Brian Evans <grknight <AT> gentoo <DOT> org> |
CommitDate: Wed Nov 15 14:26:59 2017 +0000 |
URL: https://gitweb.gentoo.org/proj/mysql.git/commit/?id=3007cfdf |
|
mysql-multilib.eclass: Update security changes from Gentoo repo |
|
Before removing from the Gentoo repo, update this overlay copy in case |
we need it again. |
|
eclass/mysql-multilib.eclass | 35 ++++++++++++++--------------------- |
1 file changed, 14 insertions(+), 21 deletions(-) |
|
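diff --git a/eclass/mysql-multilib.eclass b/eclass/mysql-multilib.eclass
index 14e1913..3cfdb81 100644
--- a/eclass/mysql-multilib.eclass
+++ b/eclass/mysql-multilib.eclass
@@ -843,14 +843,9 @@ mysql-multilib_pkg_postinst() {
 # Make sure the vars are correctly initialized
 mysql_init_vars
 
- # Check FEATURES="collision-protect" before removing this
+ # Create log directory securely if it does not exist
 [[ -d "${ROOT}${MY_LOGDIR}" ]] || install -d -m0750 -o mysql -g mysql "${ROOT}${MY_LOGDIR}"
 
- # Secure the logfiles
- touch "${ROOT}${MY_LOGDIR}"/mysql.{log,err}
- chown mysql:mysql "${ROOT}${MY_LOGDIR}"/mysql*
- chmod 0660 "${ROOT}${MY_LOGDIR}"/mysql*
-
 # Minimal builds don't have the MySQL server
 if use_if_iuse minimal ; then
 :
@@ -1049,7 +1044,7 @@ mysql-multilib_pkg_config() {
 ${EROOT}/usr/sbin/mysqld --verbose --help >"${helpfile}" 2>/dev/null
 for opt in grant-tables host-cache name-resolve networking slave-start \
 federated ssl log-bin relay-log slow-query-log external-locking \
- ndbcluster log-slave-updates \
+ ndbcluster log-slave-updates wsrep-on \
 ; do
 optexp="--(skip-)?${opt}" optfull="--loose-skip-${opt}"
 egrep -sq -- "${optexp}" "${helpfile}" && options="${options} ${optfull}"
@@ -1058,8 +1053,6 @@ mysql-multilib_pkg_config() {
 egrep -sq external-locking "${helpfile}" && \
 options="${options/skip-locking/skip-external-locking}"
 
- use prefix || options="${options} --user=mysql"
-
 # MySQL 5.6+ needs InnoDB
 if [[ ${PN} == "mysql" || ${PN} == "percona-server" ]] ; then
 mysql_version_is_at_least "5.6" || options="${options} --loose-skip-innodb"
@@ -1068,18 +1061,16 @@ mysql-multilib_pkg_config() {
 einfo "Creating the mysql database and setting proper permissions on it ..."
 
 # Now that /var/run is a tmpfs mount point, we need to ensure it exists before using it
- PID_DIR="${EROOT}/var/run/mysqld"
+ local PID_DIR="${EROOT}/var/run/mysqld"
 if [[ ! -d "${PID_DIR}" ]]; then
- mkdir -p "${PID_DIR}" || die "Could not create pid directory"
- chown mysql:mysql "${PID_DIR}" || die "Could not set ownership on pid directory"
- chmod 755 "${PID_DIR}" || die "Could not set permissions on pid directory"
+ install -d -m 755 -o mysql -g mysql "${PID_DIR}" || die "Could not create pid directory"
 fi
 
- pushd "${TMPDIR}" &>/dev/null
+ if [[ ! -d "${MY_DATADIR}" ]]; then
+ install -d -m 750 -o mysql -g mysql "${MY_DATADIR}" || die "Could not create data directory"
+ fi
 
- # Filling timezones, see
- # http://dev.mysql.com/doc/mysql/en/time-zone-support.html
- "${EROOT}/usr/bin/mysql_tzinfo_to_sql" "${EROOT}/usr/share/zoneinfo" > "${sqltmp}" 2>/dev/null
+ pushd "${TMPDIR}" &>/dev/null || die
 
 local cmd
 local initialize_options
@@ -1098,17 +1089,19 @@ mysql-multilib_pkg_config() {
 fi
 cmd="'$cmd' '--basedir=${EPREFIX}/usr' ${options} '--datadir=${ROOT}/${MY_DATADIR}' '--tmpdir=${ROOT}/${MYSQL_TMPDIR}' ${initialize_options}"
 einfo "Command: $cmd"
- eval $cmd \
+ su -s /bin/sh -c "${cmd}" mysql \
 >"${TMPDIR}"/mysql_install_db.log 2>&1
 if [ $? -ne 0 ]; then
 grep -B5 -A999 -i "ERROR" "${TMPDIR}"/mysql_install_db.log 1>&2
 die "Failed to initialize mysqld. Please review ${EPREFIX}/var/log/mysql/mysqld.err AND ${TMPDIR}/mysql_install_db.log"
 fi
- popd &>/dev/null
+ popd &>/dev/null || die
 [[ -f "${ROOT}/${MY_DATADIR}/mysql/user.frm" ]] \
 || die "MySQL databases not installed"
- chown -R mysql:mysql "${ROOT}/${MY_DATADIR}" 2>/dev/null
- chmod 0750 "${ROOT}/${MY_DATADIR}" 2>/dev/null
+
+ # Filling timezones, see
+ # http://dev.mysql.com/doc/mysql/en/time-zone-support.html
+ "${EROOT}/usr/bin/mysql_tzinfo_to_sql" "${EROOT}/usr/share/zoneinfo" > "${sqltmp}" 2>/dev/null
 
 local socket="${EROOT}/var/run/mysqld/mysqld${RANDOM}.sock"
 local pidfile="${EROOT}/var/run/mysqld/mysqld${RANDOM}.pid"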
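Review bot: The new data-directory guard in the `-1068` hunk tests and creates `"${MY_DATADIR}"` without the `${ROOT}/` prefix, while the initialisation command in the `-1098` hunk still passes `--datadir=${ROOT}/${MY_DATADIR}` and the `user.frm` check reads that same prefixed path. Because this commit also drops the later `chown -R mysql:mysql` / `chmod 0750` on that path and runs the installer as `mysql` through `su`, an install with a non-default ROOT would presumably leave the real data directory missing or unwritable for the unprivileged user (unless MY_DATADIR already carries ROOT, which these hunks do not show); the guard should read `if [[ ! -d "${ROOT}/${MY_DATADIR}" ]]; then` with `install -d -m 750 -o mysql -g mysql "${ROOT}/${MY_DATADIR}"`. The `[[ -d … ]]` guards for the data, pid and log directories also accept a pre-existing directory as it is, including one reached through a symlink since `-d` follows links, so its owner and mode are never verified before mysqld is initialised into it. A short comment stating that assumption, or an explicit ownership and mode check that calls `die` on mismatch, would make the intent reviewable. mysql-multilib_pkg_config begins and ends outside these hunks.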