[gentoo-commits] proj/mysql:master commit in: eclass/

["Brian Evans" <grknight@gentoo.org>]

commit:     3007cfdf814727b90978e91991c0ad26f2ad4a74
Author:     Brian Evans <grknight <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 15 14:26:59 2017 +0000
Commit:     Brian Evans <grknight <AT> gentoo <DOT> org>
CommitDate: Wed Nov 15 14:26:59 2017 +0000
URL:        https://gitweb.gentoo.org/proj/mysql.git/commit/?id=3007cfdf

mysql-multilib.eclass: Update security changes from Gentoo repo

Before removing from the Gentoo repo, update this overlay copy in case
we need it again.

 eclass/mysql-multilib.eclass | 35 ++++++++++++++---------------------
 1 file changed, 14 insertions(+), 21 deletions(-)

diff --git a/eclass/mysql-multilib.eclass b/eclass/mysql-multilib.eclass
index 14e1913..3cfdb81 100644
--- a/eclass/mysql-multilib.eclass
+++ b/eclass/mysql-multilib.eclass
@@ -843,14 +843,9 @@ mysql-multilib_pkg_postinst() {
 	# Make sure the vars are correctly initialized
 	mysql_init_vars
 
-	# Check FEATURES="collision-protect" before removing this
+	# Create log directory securely if it does not exist
 	[[ -d "${ROOT}${MY_LOGDIR}" ]] || install -d -m0750 -o mysql -g mysql "${ROOT}${MY_LOGDIR}"
 
-	# Secure the logfiles
-	touch "${ROOT}${MY_LOGDIR}"/mysql.{log,err}
-	chown mysql:mysql "${ROOT}${MY_LOGDIR}"/mysql*
-	chmod 0660 "${ROOT}${MY_LOGDIR}"/mysql*
-
 	# Minimal builds don't have the MySQL server
 	if use_if_iuse minimal ; then
 		:
@@ -1049,7 +1044,7 @@ mysql-multilib_pkg_config() {
 	${EROOT}/usr/sbin/mysqld --verbose --help >"${helpfile}" 2>/dev/null
 	for opt in grant-tables host-cache name-resolve networking slave-start \
 		federated ssl log-bin relay-log slow-query-log external-locking \
-		ndbcluster log-slave-updates \
+		ndbcluster log-slave-updates wsrep-on \
 		; do
 		optexp="--(skip-)?${opt}" optfull="--loose-skip-${opt}"
 		egrep -sq -- "${optexp}" "${helpfile}" && options="${options} ${optfull}"
@@ -1058,8 +1053,6 @@ mysql-multilib_pkg_config() {
 	egrep -sq external-locking "${helpfile}" && \
 	options="${options/skip-locking/skip-external-locking}"
 
-	use prefix || options="${options} --user=mysql"
-
 	# MySQL 5.6+ needs InnoDB
 	if [[ ${PN} == "mysql" || ${PN} == "percona-server" ]] ; then
 		mysql_version_is_at_least "5.6" || options="${options} --loose-skip-innodb"
@@ -1068,18 +1061,16 @@ mysql-multilib_pkg_config() {
 	einfo "Creating the mysql database and setting proper permissions on it ..."
 
 	# Now that /var/run is a tmpfs mount point, we need to ensure it exists before using it
-	PID_DIR="${EROOT}/var/run/mysqld"
+	local PID_DIR="${EROOT}/var/run/mysqld"
 	if [[ ! -d "${PID_DIR}" ]]; then
-		mkdir -p "${PID_DIR}" || die "Could not create pid directory"
-		chown mysql:mysql "${PID_DIR}" || die "Could not set ownership on pid directory"
-		chmod 755 "${PID_DIR}" || die "Could not set permissions on pid directory"
+		install -d -m 755 -o mysql -g mysql "${PID_DIR}" || die "Could not create pid directory"
 	fi
 
-	pushd "${TMPDIR}" &>/dev/null
+	if [[ ! -d "${MY_DATADIR}" ]]; then
+		install -d -m 750 -o mysql -g mysql "${MY_DATADIR}" || die "Could not create data directory"
+	fi
 
-	# Filling timezones, see
-	# http://dev.mysql.com/doc/mysql/en/time-zone-support.html
-	"${EROOT}/usr/bin/mysql_tzinfo_to_sql" "${EROOT}/usr/share/zoneinfo" > "${sqltmp}" 2>/dev/null
+	pushd "${TMPDIR}" &>/dev/null || die
 
 	local cmd
 	local initialize_options
@@ -1098,17 +1089,19 @@ mysql-multilib_pkg_config() {
 	fi
 	cmd="'$cmd' '--basedir=${EPREFIX}/usr' ${options} '--datadir=${ROOT}/${MY_DATADIR}' '--tmpdir=${ROOT}/${MYSQL_TMPDIR}' ${initialize_options}"
 	einfo "Command: $cmd"
-	eval $cmd \
+	su -s /bin/sh -c "${cmd}" mysql \
 		>"${TMPDIR}"/mysql_install_db.log 2>&1
 	if [ $? -ne 0 ]; then
 		grep -B5 -A999 -i "ERROR" "${TMPDIR}"/mysql_install_db.log 1>&2
 		die "Failed to initialize mysqld. Please review ${EPREFIX}/var/log/mysql/mysqld.err AND ${TMPDIR}/mysql_install_db.log"
 	fi
-	popd &>/dev/null
+	popd &>/dev/null || die
 	[[ -f "${ROOT}/${MY_DATADIR}/mysql/user.frm" ]] \
 	|| die "MySQL databases not installed"
-	chown -R mysql:mysql "${ROOT}/${MY_DATADIR}" 2>/dev/null
-	chmod 0750 "${ROOT}/${MY_DATADIR}" 2>/dev/null
+
+	# Filling timezones, see
+	# http://dev.mysql.com/doc/mysql/en/time-zone-support.html
+	"${EROOT}/usr/bin/mysql_tzinfo_to_sql" "${EROOT}/usr/share/zoneinfo" > "${sqltmp}" 2>/dev/null
 
 	local socket="${EROOT}/var/run/mysqld/mysqld${RANDOM}.sock"
 	local pidfile="${EROOT}/var/run/mysqld/mysqld${RANDOM}.pid"