From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 327B61396D9 for ; Wed, 15 Nov 2017 14:28:08 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4B712E0D14; Wed, 15 Nov 2017 14:28:07 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1BB9AE0D14 for ; Wed, 15 Nov 2017 14:28:07 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 10329340988 for ; Wed, 15 Nov 2017 14:28:06 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 8D4609B99 for ; Wed, 15 Nov 2017 14:28:04 +0000 (UTC) 
From: "Brian Evans" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Brian Evans" Message-ID: <1510756019.3007cfdf814727b90978e91991c0ad26f2ad4a74.grknight@gentoo> Subject: [gentoo-commits] proj/mysql:master commit in: eclass/ X-VCS-Repository: proj/mysql X-VCS-Files: eclass/mysql-multilib.eclass X-VCS-Directories: eclass/ X-VCS-Committer: grknight X-VCS-Committer-Name: Brian Evans X-VCS-Revision: 3007cfdf814727b90978e91991c0ad26f2ad4a74 X-VCS-Branch: master Date: Wed, 15 Nov 2017 14:28:04 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: defda3ab-4c85-4134-8cf0-65f6e7ef4d09 X-Archives-Hash: 887a562e42fa6af3e9a421841646d7b3 commit: 3007cfdf814727b90978e91991c0ad26f2ad4a74 Author: Brian Evans gentoo org> AuthorDate: Wed Nov 15 14:26:59 2017 +0000 Commit: Brian Evans gentoo org> CommitDate: Wed Nov 15 14:26:59 2017 +0000 URL: https://gitweb.gentoo.org/proj/mysql.git/commit/?id=3007cfdf mysql-multilib.eclass: Update security changes from Gentoo repo Before removing from the Gentoo repo, update this overlay copy in case we need it again. eclass/mysql-multilib.eclass | 35 ++++++++++++++--------------------- 1 file changed, 14 insertions(+), 21 deletions(-) diff --git a/eclass/mysql-multilib.eclass b/eclass/mysql-multilib.eclass index 14e1913..3cfdb81 100644 --- a/eclass/mysql-multilib.eclass +++ b/eclass/mysql-multilib.eclass 
@@ -843,14 +843,9 @@ mysql-multilib_pkg_postinst() { # Make sure the vars are correctly initialized mysql_init_vars - # Check FEATURES="collision-protect" before removing this + # Create log directory securely if it does not exist [[ -d "${ROOT}${MY_LOGDIR}" ]] || install -d -m0750 -o mysql -g mysql "${ROOT}${MY_LOGDIR}" - # Secure the logfiles - touch "${ROOT}${MY_LOGDIR}"/mysql.{log,err} - chown mysql:mysql "${ROOT}${MY_LOGDIR}"/mysql* - chmod 0660 "${ROOT}${MY_LOGDIR}"/mysql* - # Minimal builds don't have the MySQL server if use_if_iuse minimal ; then : @@ -1049,7 +1044,7 @@ mysql-multilib_pkg_config() { ${EROOT}/usr/sbin/mysqld --verbose --help >"${helpfile}" 2>/dev/null for opt in grant-tables host-cache name-resolve networking slave-start \ federated ssl log-bin relay-log slow-query-log external-locking \ - ndbcluster log-slave-updates \ + ndbcluster log-slave-updates wsrep-on \ ; do optexp="--(skip-)?${opt}" optfull="--loose-skip-${opt}" egrep -sq -- "${optexp}" "${helpfile}" && options="${options} ${optfull}" @@ -1058,8 +1053,6 @@ mysql-multilib_pkg_config() { egrep -sq external-locking "${helpfile}" && \ options="${options/skip-locking/skip-external-locking}" - use prefix || options="${options} --user=mysql" - # MySQL 5.6+ needs InnoDB if [[ ${PN} == "mysql" || ${PN} == "percona-server" ]] ; then mysql_version_is_at_least "5.6" || options="${options} --loose-skip-innodb" 
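Review bot: The new comment `# Create log directory securely if it does not exist` does not record why the `touch`/`chown`/`chmod` block below it was dropped, which is the security-relevant part of this hunk. Presumably the reasoning is that root should not change ownership or mode by path inside a directory the mysql user can write to, and that the server creates its own log files. A comment such as `# Do not touch/chown/chmod log files here as root: ${MY_LOGDIR} is writable by mysql and the server creates its own logs` would keep a later edit from restoring the block. The `[[ -d ... ]] || install -d` line only covers the missing-directory case, so an existing directory keeps whatever owner and mode it already has, and the `install -d` result is not checked. mysql-multilib_pkg_postinst starts and ends outside the hunk.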
@@ -1068,18 +1061,16 @@ mysql-multilib_pkg_config() { einfo "Creating the mysql database and setting proper permissions on it ..." # Now that /var/run is a tmpfs mount point, we need to ensure it exists before using it - PID_DIR="${EROOT}/var/run/mysqld" + local PID_DIR="${EROOT}/var/run/mysqld" if [[ ! -d "${PID_DIR}" ]]; then - mkdir -p "${PID_DIR}" || die "Could not create pid directory" - chown mysql:mysql "${PID_DIR}" || die "Could not set ownership on pid directory" - chmod 755 "${PID_DIR}" || die "Could not set permissions on pid directory" + install -d -m 755 -o mysql -g mysql "${PID_DIR}" || die "Could not create pid directory" fi - pushd "${TMPDIR}" &>/dev/null + if [[ ! -d "${MY_DATADIR}" ]]; then + install -d -m 750 -o mysql -g mysql "${MY_DATADIR}" || die "Could not create data directory" + fi - # Filling timezones, see - # http://dev.mysql.com/doc/mysql/en/time-zone-support.html - "${EROOT}/usr/bin/mysql_tzinfo_to_sql" "${EROOT}/usr/share/zoneinfo" > "${sqltmp}" 2>/dev/null + pushd "${TMPDIR}" &>/dev/null || die local cmd local initialize_options 
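Review bot: The added data-directory guard tests and creates `"${MY_DATADIR}"` without the `${ROOT}` prefix, while the rest of pkg_config (the `'--datadir=${ROOT}/${MY_DATADIR}'` argument and the `user.frm` check in the next hunk) uses `${ROOT}/${MY_DATADIR}`. With a non-default ROOT this would create the directory on the running system rather than in the target root, and the initialisation that now runs as mysql would then have no data directory it can write to. Using `if [[ ! -d "${ROOT}/${MY_DATADIR}" ]]; then` and `install -d -m 750 -o mysql -g mysql "${ROOT}/${MY_DATADIR}" || die "Could not create data directory"` would match the other uses. Both `-d` guards also accept an existing directory as it is, so with the later `chown -R`/`chmod 0750` removed, a pre-existing data directory with another owner or a looser mode stays unchanged; a comment saying this is intentional, or an explicit owner/mode check that dies, would help. The function body continues outside the hunk.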
@@ -1098,17 +1089,19 @@ mysql-multilib_pkg_config() { fi cmd="'$cmd' '--basedir=${EPREFIX}/usr' ${options} '--datadir=${ROOT}/${MY_DATADIR}' '--tmpdir=${ROOT}/${MYSQL_TMPDIR}' ${initialize_options}" einfo "Command: $cmd" - eval $cmd \ + su -s /bin/sh -c "${cmd}" mysql \ >"${TMPDIR}"/mysql_install_db.log 2>&1 if [ $? -ne 0 ]; then grep -B5 -A999 -i "ERROR" "${TMPDIR}"/mysql_install_db.log 1>&2 die "Failed to initialize mysqld. Please review ${EPREFIX}/var/log/mysql/mysqld.err AND ${TMPDIR}/mysql_install_db.log" fi - popd &>/dev/null + popd &>/dev/null || die [[ -f "${ROOT}/${MY_DATADIR}/mysql/user.frm" ]] \ || die "MySQL databases not installed" - chown -R mysql:mysql "${ROOT}/${MY_DATADIR}" 2>/dev/null - chmod 0750 "${ROOT}/${MY_DATADIR}" 2>/dev/null + + # Filling timezones, see + # http://dev.mysql.com/doc/mysql/en/time-zone-support.html + "${EROOT}/usr/bin/mysql_tzinfo_to_sql" "${EROOT}/usr/share/zoneinfo" > "${sqltmp}" 2>/dev/null local socket="${EROOT}/var/run/mysqld/mysqld${RANDOM}.sock" local pidfile="${EROOT}/var/run/mysqld/mysqld${RANDOM}.pid"
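Review bot: The `su -s /bin/sh -c "${cmd}" mysql` call is unconditional, whereas the line removed earlier in this commit (`use prefix || options="${options} --user=mysql"`) treated Prefix installs as a case where no switch to the mysql account is made; on an unprivileged Prefix install this `su` would presumably fail. If Prefix is still supported by this eclass, something like `if use prefix ; then eval "${cmd}" ; else su -s /bin/sh -c "${cmd}" mysql ; fi >"${TMPDIR}"/mysql_install_db.log 2>&1` keeps the old path there. `${cmd}` is also still one string that a shell re-parses, with the paths wrapped in literal single quotes, so a comment stating that `EPREFIX`, `ROOT`, `MY_DATADIR` and `MYSQL_TMPDIR` are trusted and must not contain quote characters would be worth adding above the `cmd=` line. mysql-multilib_pkg_config starts and ends outside the hunk.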