Hi, > If I understand the issue here, this is nothing to do with MariaDB being or > not being a drop-in for MySQL. The problem seems to be this patch in the > Debian packaging: > > > https://github.com/ottok/mariadb-10.1/blob/master/debian/patches/mdev-8375-passwordless-root-via-socket-auth.patch > > The idea is to make the default install of package mariadb-server-10.1 use > socket authentication for the root user, which seems fine. But the patch > seems completely wrong. Rather than adding needed functionality to enable > postinst to setup socket auth, instead it hardcodes this decision into > mysql_install_db, which breaks other users. > > So it has nothing to do with MySQL vs. MariaDB, such patch could just as > well have been made against MySQL packaging, with same bad consequences. It > is simply a bug / unintended consequence of an addition to debian/patches/, > and simply needs to be fixed. Feel free to correct me if I'm wrong? > > Suggestion for fixing: Add options --auth-root-socket and > --auth-root-nopasswd to mysql_install_db. Echo a corresponding > "SET @auth_root_socket=1" or "SET @auth_root_nopasswd=1" down the > mysqld_install_cmd_line pipe. Then in mysql_system_tables_data.sql choose > one or the other contents for the user table like this: > > REPLACE INTO tmp_user_nopasswd ... > INSERT INTO tmp_user_socket ... > INSERT INTO user SELECT * FROM tmp_user_nopasswd WHERE @had_user_table=0 > and @auth_root_nopasswd=1; > INSERT INTO user SELECT * FROM tmp_user_socket WHERE @had_user_table=0 and > @auth_root_socket=1; > > This way, mariadb-server-10.1 postinst can use > mysql_install_db --auth-root-socket. And ruby-mysql2 can use > mysql_install_db --auth-root-nopasswd. And if --auth-root-nopasswd is made > the default, then existing users can work fine without any changes. > Sounds reasonable?
That's exactly what this is all about. Thanks for putting it in other words and probably doing better at that than me! -nik -- PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17 FD26 B79A 3C16 A0C4 F296 Dominik George · Hundeshagenstr. 26 · 53225 Bonn Mobile: +49-1520-1981389 · https://www.dominik-george.de/ Teckids e.V. · FrOSCon e.V. Fellowship of the FSFE · Piratenpartei Deutschland Opencaching Deutschland e.V. · Debian Maintainer LPIC-3 Linux Enterprise Professional (Security)
signature.asc
Description: PGP signature