From: mhoellein Date: Wed, 8 Jul 2020 18:44:07 +0000 (+0200) Subject: committing changes in /etc made by "apt-get install mysql-server-8.0" X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=1bf2e555ee857292cca3b206e858b9e7b0668537;p=vserver committing changes in /etc made by "apt-get install mysql-server-8.0" Package changes: -mariadb-client-core-10.3 1:10.3.22-1ubuntu1 amd64 -mariadb-server-core-10.3 1:10.3.22-1ubuntu1 amd64 +mysql-client-8.0 8.0.20-0ubuntu0.20.04.1 amd64 +mysql-client-core-8.0 8.0.20-0ubuntu0.20.04.1 amd64 +mysql-server-core-8.0 8.0.20-0ubuntu0.20.04.1 amd64 --- diff --git a/apparmor.d/usr.sbin.mysqld b/apparmor.d/usr.sbin.mysqld index 4ffb7eab5..185cceb8b 100644 --- a/apparmor.d/usr.sbin.mysqld +++ b/apparmor.d/usr.sbin.mysqld @@ -1,15 +1,84 @@ -# This file is intensionally empty to disable apparmor by default for newer -# versions of MariaDB, while providing seamless upgrade from older versions -# and from mysql, where apparmor is used. -# -# By default, we do not want to have any apparmor profile for the MariaDB -# server. It does not provide much useful functionality/security, and causes -# several problems for users who often are not even aware that apparmor -# exists and runs on their system. -# -# Users can modify and maintain their own profile, and in this case it will -# be used. -# -# When upgrading from previous version, users who modified the profile -# will be promptet to keep or discard it, while for default installs -# we will automatically disable the profile. +# vim:syntax=apparmor +# Last Modified: Tue Feb 09 15:28:30 2016 +#include + +/usr/sbin/mysqld { + #include + #include + #include + #include + #include + +# Allow system resource access + /proc/*/status r, + /sys/devices/system/cpu/ r, + /sys/devices/system/node/ r, + /sys/devices/system/node/** r, + capability sys_resource, + capability dac_override, + capability dac_read_search, + capability setuid, + capability setgid, + +# Allow network access + network tcp, + + /etc/hosts.allow r, + /etc/hosts.deny r, + +# Allow config access + /etc/mysql/** r, + +# Allow pid, socket, socket lock file access + /var/run/mysqld/mysqld.pid rw, + /var/run/mysqld/mysqld.sock rw, + /var/run/mysqld/mysqld.sock.lock rw, + /var/run/mysqld/mysqlx.sock rw, + /var/run/mysqld/mysqlx.sock.lock rw, + /run/mysqld/mysqld.pid rw, + /run/mysqld/mysqld.sock rw, + /run/mysqld/mysqld.sock.lock rw, + /run/mysqld/mysqlx.sock rw, + /run/mysqld/mysqlx.sock.lock rw, + +# Allow systemd notify messages + /{,var/}run/systemd/notify w, + +# Allow execution of server binary + /usr/sbin/mysqld mr, + /usr/sbin/mysqld-debug mr, + +# Allow plugin access + /usr/lib/mysql/plugin/ r, + /usr/lib/mysql/plugin/*.so* mr, + +# Allow error msg and charset access + /usr/share/mysql/ r, + /usr/share/mysql/** r, + +# Allow data dir access + /var/lib/mysql/ r, + /var/lib/mysql/** rwk, + +# Allow data files dir access + /var/lib/mysql-files/ r, + /var/lib/mysql-files/** rwk, + +# Allow keyring dir access + /var/lib/mysql-keyring/ r, + /var/lib/mysql-keyring/** rwk, + +# Allow log file access + /var/log/mysql.err rw, + /var/log/mysql.log rw, + /var/log/mysql/ r, + /var/log/mysql/** rw, + +# Allow read access to mecab files + /var/lib/mecab/dic/ipadic-utf8/** r, + +# Allow read access to OpenSSL config + /etc/ssl/openssl.cnf r, + # Site-specific additions and overrides. See local/README for details. + #include +} diff --git a/init.d/mysql b/init.d/mysql index 0694ed752..51537d20b 100755 --- a/init.d/mysql +++ b/init.d/mysql @@ -4,12 +4,12 @@ # Provides: mysql # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog -# Should-Start: $network $named $time -# Should-Stop: $network $named $time +# Should-Start: $network $time +# Should-Stop: $network $time # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start and stop the mysql database server daemon -# Description: Controls the main MariaDB database server daemon "mysqld" +# Description: Controls the main MySQL database server daemon "mysqld" # and its wrapper script "mysqld_safe". ### END INIT INFO # @@ -17,28 +17,17 @@ set -e set -u ${DEBIAN_SCRIPT_DEBUG:+ set -v -x} -test -x /usr/sbin/mysqld || exit 0 +test -x /usr/bin/mysqld_safe || exit 0 . /lib/lsb/init-functions SELF=$(cd $(dirname $0); pwd -P)/$(basename $0) - +CONF=/etc/mysql/my.cnf MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" -# priority can be overridden and "-s" adds output to stderr +# priority can be overriden and "-s" adds output to stderr ERR_LOGGER="logger -p daemon.err -t /etc/init.d/mysql -i" -if [ -f /etc/default/mysql ]; then - . /etc/default/mysql -fi - -# Also source default/mariadb in case the installation was upgraded from -# packages originally installed from MariaDB.org repositories, which have -# had support for reading /etc/default/mariadb since March 2016. -if [ -f /etc/default/mariadb ]; then - . /etc/default/mariadb -fi - # Safeguard (relative paths, core dumps..) cd / umask 077 @@ -52,11 +41,11 @@ export HOME=/etc/mysql/ # # Usage: void mysqld_get_param option mysqld_get_param() { - /usr/sbin/mysqld --print-defaults \ - | tr " " "\n" \ - | grep -- "--$1" \ - | tail -n 1 \ - | cut -d= -f2 + /usr/sbin/mysqld --print-defaults \ + | tr " " "\n" \ + | grep -- "--$1" \ + | tail -n 1 \ + | cut -d= -f2 } ## Do some sanity checks before even trying to start mysqld. @@ -83,21 +72,21 @@ sanity_checks() { # # Usage: boolean mysqld_status [check_alive|check_dead] [warn|nowarn] mysqld_status () { - ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? )) - - ps_alive=0 - pidfile=`mysqld_get_param pid-file` - if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi - - if [ "$1" = "check_alive" -a $ping_alive = 1 ] || - [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then - return 0 # EXIT_SUCCESS - else - if [ "$2" = "warn" ]; then - echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug + ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? )) + + ps_alive=0 + pidfile=`mysqld_get_param pid-file` + if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi + + if [ "$1" = "check_alive" -a $ping_alive = 1 ] || + [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then + return 0 # EXIT_SUCCESS + else + if [ "$2" = "warn" ]; then + echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug + fi + return 1 # EXIT_FAILURE fi - return 1 # EXIT_FAILURE - fi } # @@ -105,103 +94,98 @@ mysqld_status () { # case "${1:-''}" in - 'start') - sanity_checks; - # Start daemon - log_daemon_msg "Starting MariaDB database server" "mysqld" - if mysqld_status check_alive nowarn; then - log_progress_msg "already running" - log_end_msg 0 - else - # Could be removed during boot - test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld - - # Start MariaDB! - /usr/bin/mysqld_safe "${@:2}" 2>&1 >/dev/null | $ERR_LOGGER & - - for i in $(seq 1 "${MYSQLD_STARTUP_TIMEOUT:-30}"); do - sleep 1 - if mysqld_status check_alive nowarn ; then break; fi - log_progress_msg "." - done - if mysqld_status check_alive warn; then - log_end_msg 0 - # Now start mysqlcheck or whatever the admin wants. - output=$(/etc/mysql/debian-start) - if [ -n "$output" ]; then - log_action_msg "$output" - fi - else - log_end_msg 1 - log_failure_msg "Please take a look at the syslog" - fi - fi - ;; + sanity_checks; + # Start daemon + log_daemon_msg "Starting MySQL database server" "mysqld" + if mysqld_status check_alive nowarn; then + log_progress_msg "already running" + log_end_msg 0 + else + # Could be removed during boot + test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld + + # Start MySQL! + su - mysql -s /bin/sh -c "/usr/bin/mysqld_safe > /dev/null 2>&1 &" + + # 6s was reported in #352070 to be too few when using ndbcluster + # 14s was reported in #736452 to be too few with large installs + for i in $(seq 1 30); do + sleep 1 + if mysqld_status check_alive nowarn ; then break; fi + log_progress_msg "." + done + if mysqld_status check_alive warn; then + log_end_msg 0 + # Now start mysqlcheck or whatever the admin wants. + output=$(/etc/mysql/debian-start) + [ -n "$output" ] && log_action_msg "$output" + else + log_end_msg 1 + log_failure_msg "Please take a look at the syslog" + fi + fi + ;; 'stop') - # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible - # at least for cron, we can rely on it here, too. (although we have - # to specify it explicit as e.g. sudo environments points to the normal - # users home and not /root) - log_daemon_msg "Stopping MariaDB database server" "mysqld" - if ! mysqld_status check_dead nowarn; then - set +e - shutdown_out=`$MYADMIN shutdown 2>&1`; r=$? - set -e - if [ "$r" -ne 0 ]; then - log_end_msg 1 - [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out" - log_daemon_msg "Killing MariaDB database server by signal" "mysqld" - killall -15 mysqld - server_down= - for i in `seq 1 600`; do - sleep 1 - if mysqld_status check_dead nowarn; then server_down=1; break; fi - done - if test -z "$server_down"; then killall -9 mysqld; fi - fi - fi - - if ! mysqld_status check_dead warn; then - log_end_msg 1 - log_failure_msg "Please stop MariaDB manually and read /usr/share/doc/mariadb-server-10.3/README.Debian.gz!" - exit -1 - else - log_end_msg 0 - fi - ;; + # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible + # at least for cron, we can rely on it here, too. (although we have + # to specify it explicit as e.g. sudo environments points to the normal + # users home and not /root) + log_daemon_msg "Stopping MySQL database server" "mysqld" + if ! mysqld_status check_dead nowarn; then + set +e + shutdown_out=`$MYADMIN shutdown 2>&1`; r=$? + set -e + if [ "$r" -ne 0 ]; then + log_end_msg 1 + [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out" + log_daemon_msg "Killing MySQL database server by signal" "mysqld" + killall -15 mysqld + server_down= + for i in 1 2 3 4 5 6 7 8 9 10; do + sleep 1 + if mysqld_status check_dead nowarn; then server_down=1; break; fi + done + if test -z "$server_down"; then killall -9 mysqld; fi + fi + fi + + if ! mysqld_status check_dead warn; then + log_end_msg 1 + log_failure_msg "Please stop MySQL manually and read /usr/share/doc/mysql-server-5.7/README.Debian.gz!" + exit -1 + else + log_end_msg 0 + fi + ;; 'restart') - set +e; $SELF stop; set -e - shift - $SELF start "${@}" - ;; + set +e; $SELF stop; set -e + $SELF start + ;; 'reload'|'force-reload') - log_daemon_msg "Reloading MariaDB database server" "mysqld" - $MYADMIN reload - log_end_msg 0 - ;; + log_daemon_msg "Reloading MySQL database server" "mysqld" + $MYADMIN reload + log_end_msg 0 + ;; 'status') - if mysqld_status check_alive nowarn; then - log_action_msg "$($MYADMIN version)" - else - log_action_msg "MariaDB is stopped." - exit 3 - fi - ;; - - 'bootstrap') - # Bootstrap the cluster, start the first node - # that initiates the cluster - log_daemon_msg "Bootstrapping the cluster" "mysqld" - $SELF start "${@:2}" --wsrep-new-cluster - ;; + if mysqld_status check_alive nowarn; then + log_action_msg "$($MYADMIN version)" + else + log_action_msg "MySQL is stopped." + exit 3 + fi + ;; *) - echo "Usage: $SELF start|stop|restart|reload|force-reload|status|bootstrap" - exit 1 - ;; + echo "Usage: $SELF start|stop|restart|reload|force-reload|status" + exit 1 + ;; esac + +# Some success paths end up returning non-zero so exit 0 explicitly. See +# bug #739846. +exit 0 diff --git a/logrotate.d/mysql-server b/logrotate.d/mysql-server index 34ef6385e..2d9c71a75 100644 --- a/logrotate.d/mysql-server +++ b/logrotate.d/mysql-server @@ -1,8 +1,8 @@ -# - I put everything in one block and added sharedscripts, so that mysql gets +# - I put everything in one block and added sharedscripts, so that mysql gets # flush-logs'd only once. # Else the binary logs would automatically increase by n times every day. # - The error log is obsolete, messages go to syslog now. -/var/log/mysql/mysql.log /var/log/mysql/mysql-slow.log /var/log/mysql/mariadb-slow.log /var/log/mysql/error.log { +/var/log/mysql.log /var/log/mysql/*log { daily rotate 7 missingok @@ -10,11 +10,18 @@ compress sharedscripts postrotate - test -x /usr/bin/mysqladmin || exit 0 - if [ -f `my_print_defaults --mysqld | grep -m 1 -oP "pid-file=\K.+$"` ]; then - # If this fails, check debian.conf! - mysqladmin --defaults-file=/etc/mysql/debian.cnf --local flush-error-log \ - flush-engine-log flush-general-log flush-slow-log - fi + test -x /usr/bin/mysqladmin || exit 0 + # If this fails, check debian.conf! + MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" + if [ -z "`$MYADMIN ping 2>/dev/null`" ]; then + # Really no mysqld or rather a missing debian-sys-maint user? + # If this occurs and is not a error please report a bug. + #if ps cax | grep -q mysqld; then + if killall -q -s0 -umysql mysqld; then + exit 1 + fi + else + $MYADMIN flush-logs + fi endscript } diff --git a/mysql/FROZEN b/mysql/FROZEN new file mode 120000 index 000000000..2bc63aea9 --- /dev/null +++ b/mysql/FROZEN @@ -0,0 +1 @@ +../../usr/share/doc/mysql-common/frozen-mode/downgrade \ No newline at end of file diff --git a/mysql/debian-start b/mysql/debian-start index 7de59ce1f..8be72eac2 100755 --- a/mysql/debian-start +++ b/mysql/debian-start @@ -1,43 +1,5 @@ #!/bin/bash -# -# This script is executed by "/etc/init.d/mysql" on every (re)start. -# -# Changes to this file will be preserved when updating the Debian package. -# -# NOTE: This file is read only by the traditional SysV init script, not systemd. -# - -source /usr/share/mysql/debian-start.inc.sh - -if [ -f /etc/default/mysql ]; then - . /etc/default/mysql -fi - -MYSQL="/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf" -MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" -# Don't run full mysql_upgrade on every server restart, use --version-check to do it only once -MYUPGRADE="/usr/bin/mysql_upgrade --defaults-extra-file=/etc/mysql/debian.cnf --version-check" -MYCHECK="/usr/bin/mysqlcheck --defaults-file=/etc/mysql/debian.cnf" -MYCHECK_SUBJECT="WARNING: mysqlcheck has found corrupt tables" -MYCHECK_PARAMS="--all-databases --fast --silent" -MYCHECK_RCPT="${MYCHECK_RCPT:-root}" - -## Checking for corrupt, not cleanly closed (only for MyISAM and Aria engines) and upgrade needing tables. - -# The following commands should be run when the server is up but in background -# where they do not block the server start and in one shell instance so that -# they run sequentially. They are supposed not to echo anything to stdout. -# If you want to disable the check for crashed tables comment -# "check_for_crashed_tables" out. -# (There may be no output to stdout inside the background process!) - -# Need to ignore SIGHUP, as otherwise a SIGHUP can sometimes abort the upgrade -# process in the middle. -trap "" SIGHUP -( - upgrade_system_tables_if_necessary; - check_root_accounts; - check_for_crashed_tables; -) >&2 & +# Change to no-op as detailed in +# https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1577712 exit 0