[gentoo-commits] proj/mysql:master commit in: eclass/ - gentoo-commits

From:	Brian Evans <grknight@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/mysql:master commit in: eclass/
Date:	Wed, 15 Nov 2017 14:28:08
Message-Id:	`1510756019.3007cfdf814727b90978e91991c0ad26f2ad4a74.grknight@gentoo`

1

commit:     3007cfdf814727b90978e91991c0ad26f2ad4a74

2

Author:     Brian Evans <grknight <AT> gentoo <DOT> org>

3

AuthorDate: Wed Nov 15 14:26:59 2017 +0000

4

Commit:     Brian Evans <grknight <AT> gentoo <DOT> org>

5

CommitDate: Wed Nov 15 14:26:59 2017 +0000

6

URL:        https://gitweb.gentoo.org/proj/mysql.git/commit/?id=3007cfdf

7

8

mysql-multilib.eclass: Update security changes from Gentoo repo

9

10

Before removing from the Gentoo repo, update this overlay copy in case

11

we need it again.

12

13

 eclass/mysql-multilib.eclass | 35 ++++++++++++++---------------------

14

 1 file changed, 14 insertions(+), 21 deletions(-)

15

16

diff --git a/eclass/mysql-multilib.eclass b/eclass/mysql-multilib.eclass

17

index 14e1913..3cfdb81 100644

18

--- a/eclass/mysql-multilib.eclass

19

+++ b/eclass/mysql-multilib.eclass

20

@@ -843,14 +843,9 @@ mysql-multilib_pkg_postinst() {

21

 	# Make sure the vars are correctly initialized

22

 	mysql_init_vars

23

24

-	# Check FEATURES="collision-protect" before removing this

25

+	# Create log directory securely if it does not exist

26

 	[[ -d "${ROOT}${MY_LOGDIR}" ]] || install -d -m0750 -o mysql -g mysql "${ROOT}${MY_LOGDIR}"

27

28

-	# Secure the logfiles

29

-	touch "${ROOT}${MY_LOGDIR}"/mysql.{log,err}

30

-	chown mysql:mysql "${ROOT}${MY_LOGDIR}"/mysql*

31

-	chmod 0660 "${ROOT}${MY_LOGDIR}"/mysql*

32

-

33

 	# Minimal builds don't have the MySQL server

34

 	if use_if_iuse minimal ; then

35

:

36

@@ -1049,7 +1044,7 @@ mysql-multilib_pkg_config() {

37

 	${EROOT}/usr/sbin/mysqld --verbose --help >"${helpfile}" 2>/dev/null

38

 	for opt in grant-tables host-cache name-resolve networking slave-start \

39

 		federated ssl log-bin relay-log slow-query-log external-locking \

40

-		ndbcluster log-slave-updates \

41

+		ndbcluster log-slave-updates wsrep-on \

42

 		; do

43

 		optexp="--(skip-)?${opt}" optfull="--loose-skip-${opt}"

44

 		egrep -sq -- "${optexp}" "${helpfile}" && options="${options} ${optfull}"

45

@@ -1058,8 +1053,6 @@ mysql-multilib_pkg_config() {

46

 	egrep -sq external-locking "${helpfile}" && \

47

 	options="${options/skip-locking/skip-external-locking}"

48

49

-	use prefix || options="${options} --user=mysql"

50

-

51

 	# MySQL 5.6+ needs InnoDB

52

 	if [[ ${PN} == "mysql" || ${PN} == "percona-server" ]] ; then

53

 		mysql_version_is_at_least "5.6" || options="${options} --loose-skip-innodb"

54

@@ -1068,18 +1061,16 @@ mysql-multilib_pkg_config() {

55

 	einfo "Creating the mysql database and setting proper permissions on it ..."

56

57

 	# Now that /var/run is a tmpfs mount point, we need to ensure it exists before using it

58

-	PID_DIR="${EROOT}/var/run/mysqld"

59

+	local PID_DIR="${EROOT}/var/run/mysqld"

60

 	if [[ ! -d "${PID_DIR}" ]]; then

61

-		mkdir -p "${PID_DIR}" || die "Could not create pid directory"

62

-		chown mysql:mysql "${PID_DIR}" || die "Could not set ownership on pid directory"

63

-		chmod 755 "${PID_DIR}" || die "Could not set permissions on pid directory"

64

+		install -d -m 755 -o mysql -g mysql "${PID_DIR}" || die "Could not create pid directory"

65

fi

66

67

-	pushd "${TMPDIR}" &>/dev/null

68

+	if [[ ! -d "${MY_DATADIR}" ]]; then

69

+		install -d -m 750 -o mysql -g mysql "${MY_DATADIR}" || die "Could not create data directory"

70

+	fi

71

72

-	# Filling timezones, see

73

-	# http://dev.mysql.com/doc/mysql/en/time-zone-support.html

74

-	"${EROOT}/usr/bin/mysql_tzinfo_to_sql" "${EROOT}/usr/share/zoneinfo" > "${sqltmp}" 2>/dev/null

75

+	pushd "${TMPDIR}" &>/dev/null || die

76

77

 	local cmd

78

 	local initialize_options

79

@@ -1098,17 +1089,19 @@ mysql-multilib_pkg_config() {

80

fi

81

 	cmd="'$cmd' '--basedir=${EPREFIX}/usr' ${options} '--datadir=${ROOT}/${MY_DATADIR}' '--tmpdir=${ROOT}/${MYSQL_TMPDIR}' ${initialize_options}"

82

 	einfo "Command: $cmd"

83

-	eval $cmd \

84

+	su -s /bin/sh -c "${cmd}" mysql \

85

 		>"${TMPDIR}"/mysql_install_db.log 2>&1

86

 	if [ $? -ne 0 ]; then

87

 		grep -B5 -A999 -i "ERROR" "${TMPDIR}"/mysql_install_db.log 1>&2

88

 		die "Failed to initialize mysqld. Please review ${EPREFIX}/var/log/mysql/mysqld.err AND ${TMPDIR}/mysql_install_db.log"

89

fi

90

-	popd &>/dev/null

91

+	popd &>/dev/null || die

92

 	[[ -f "${ROOT}/${MY_DATADIR}/mysql/user.frm" ]] \

93

 	|| die "MySQL databases not installed"

94

-	chown -R mysql:mysql "${ROOT}/${MY_DATADIR}" 2>/dev/null

95

-	chmod 0750 "${ROOT}/${MY_DATADIR}" 2>/dev/null

96

+

97

+	# Filling timezones, see

98

+	# http://dev.mysql.com/doc/mysql/en/time-zone-support.html

99

+	"${EROOT}/usr/bin/mysql_tzinfo_to_sql" "${EROOT}/usr/share/zoneinfo" > "${sqltmp}" 2>/dev/null

100

101

 	local socket="${EROOT}/var/run/mysqld/mysqld${RANDOM}.sock"

102

 	local pidfile="${EROOT}/var/run/mysqld/mysqld${RANDOM}.pid"

1	commit: 3007cfdf814727b90978e91991c0ad26f2ad4a74
2	Author: Brian Evans <grknight <AT> gentoo <DOT> org>
3	AuthorDate: Wed Nov 15 14:26:59 2017 +0000
4	Commit: Brian Evans <grknight <AT> gentoo <DOT> org>
5	CommitDate: Wed Nov 15 14:26:59 2017 +0000
6	URL: https://gitweb.gentoo.org/proj/mysql.git/commit/?id=3007cfdf
7
8	mysql-multilib.eclass: Update security changes from Gentoo repo
9
10	Before removing from the Gentoo repo, update this overlay copy in case
11	we need it again.
12
13	eclass/mysql-multilib.eclass \| 35 ++++++++++++++---------------------
14	1 file changed, 14 insertions(+), 21 deletions(-)
15
16	diff --git a/eclass/mysql-multilib.eclass b/eclass/mysql-multilib.eclass
17	index 14e1913..3cfdb81 100644
18	--- a/eclass/mysql-multilib.eclass
19	+++ b/eclass/mysql-multilib.eclass
20	@@ -843,14 +843,9 @@ mysql-multilib_pkg_postinst() {
21	# Make sure the vars are correctly initialized
22	mysql_init_vars
23
24	- # Check FEATURES="collision-protect" before removing this
25	+ # Create log directory securely if it does not exist
26	[[ -d "${ROOT}${MY_LOGDIR}" ]] \|\| install -d -m0750 -o mysql -g mysql "${ROOT}${MY_LOGDIR}"
27
28	- # Secure the logfiles
29	- touch "${ROOT}${MY_LOGDIR}"/mysql.{log,err}
30	- chown mysql:mysql "${ROOT}${MY_LOGDIR}"/mysql*
31	- chmod 0660 "${ROOT}${MY_LOGDIR}"/mysql*
32	-
33	# Minimal builds don't have the MySQL server
34	if use_if_iuse minimal ; then
35	:
36	@@ -1049,7 +1044,7 @@ mysql-multilib_pkg_config() {
37	${EROOT}/usr/sbin/mysqld --verbose --help >"${helpfile}" 2>/dev/null
38	for opt in grant-tables host-cache name-resolve networking slave-start \
39	federated ssl log-bin relay-log slow-query-log external-locking \
40	- ndbcluster log-slave-updates \
41	+ ndbcluster log-slave-updates wsrep-on \
42	; do
43	optexp="--(skip-)?${opt}" optfull="--loose-skip-${opt}"
44	egrep -sq -- "${optexp}" "${helpfile}" && options="${options} ${optfull}"
45	@@ -1058,8 +1053,6 @@ mysql-multilib_pkg_config() {
46	egrep -sq external-locking "${helpfile}" && \
47	options="${options/skip-locking/skip-external-locking}"
48
49	- use prefix \|\| options="${options} --user=mysql"
50	-
51	# MySQL 5.6+ needs InnoDB
52	if [[ ${PN} == "mysql" \|\| ${PN} == "percona-server" ]] ; then
53	mysql_version_is_at_least "5.6" \|\| options="${options} --loose-skip-innodb"
54	@@ -1068,18 +1061,16 @@ mysql-multilib_pkg_config() {
55	einfo "Creating the mysql database and setting proper permissions on it ..."
56
57	# Now that /var/run is a tmpfs mount point, we need to ensure it exists before using it
58	- PID_DIR="${EROOT}/var/run/mysqld"
59	+ local PID_DIR="${EROOT}/var/run/mysqld"
60	if [[ ! -d "${PID_DIR}" ]]; then
61	- mkdir -p "${PID_DIR}" \|\| die "Could not create pid directory"
62	- chown mysql:mysql "${PID_DIR}" \|\| die "Could not set ownership on pid directory"
63	- chmod 755 "${PID_DIR}" \|\| die "Could not set permissions on pid directory"
64	+ install -d -m 755 -o mysql -g mysql "${PID_DIR}" \|\| die "Could not create pid directory"
65	fi
66
67	- pushd "${TMPDIR}" &>/dev/null
68	+ if [[ ! -d "${MY_DATADIR}" ]]; then
69	+ install -d -m 750 -o mysql -g mysql "${MY_DATADIR}" \|\| die "Could not create data directory"
70	+ fi
71
72	- # Filling timezones, see
73	- # http://dev.mysql.com/doc/mysql/en/time-zone-support.html
74	- "${EROOT}/usr/bin/mysql_tzinfo_to_sql" "${EROOT}/usr/share/zoneinfo" > "${sqltmp}" 2>/dev/null
75	+ pushd "${TMPDIR}" &>/dev/null \|\| die
76
77	local cmd
78	local initialize_options
79	@@ -1098,17 +1089,19 @@ mysql-multilib_pkg_config() {
80	fi
81	cmd="'$cmd' '--basedir=${EPREFIX}/usr' ${options} '--datadir=${ROOT}/${MY_DATADIR}' '--tmpdir=${ROOT}/${MYSQL_TMPDIR}' ${initialize_options}"
82	einfo "Command: $cmd"
83	- eval $cmd \
84	+ su -s /bin/sh -c "${cmd}" mysql \
85	>"${TMPDIR}"/mysql_install_db.log 2>&1
86	if [ $? -ne 0 ]; then
87	grep -B5 -A999 -i "ERROR" "${TMPDIR}"/mysql_install_db.log 1>&2
88	die "Failed to initialize mysqld. Please review ${EPREFIX}/var/log/mysql/mysqld.err AND ${TMPDIR}/mysql_install_db.log"
89	fi
90	- popd &>/dev/null
91	+ popd &>/dev/null \|\| die
92	[[ -f "${ROOT}/${MY_DATADIR}/mysql/user.frm" ]] \
93	\|\| die "MySQL databases not installed"
94	- chown -R mysql:mysql "${ROOT}/${MY_DATADIR}" 2>/dev/null
95	- chmod 0750 "${ROOT}/${MY_DATADIR}" 2>/dev/null
96	+
97	+ # Filling timezones, see
98	+ # http://dev.mysql.com/doc/mysql/en/time-zone-support.html
99	+ "${EROOT}/usr/bin/mysql_tzinfo_to_sql" "${EROOT}/usr/share/zoneinfo" > "${sqltmp}" 2>/dev/null
100
101	local socket="${EROOT}/var/run/mysqld/mysqld${RANDOM}.sock"
102	local pidfile="${EROOT}/var/run/mysqld/mysqld${RANDOM}.pid"

Gentoo Archives: gentoo-commits