commit:     3007cfdf814727b90978e91991c0ad26f2ad4a74
Author:     Brian Evans <grknight <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 15 14:26:59 2017 +0000
Commit:     Brian Evans <grknight <AT> gentoo <DOT> org>
CommitDate: Wed Nov 15 14:26:59 2017 +0000
URL:        https://gitweb.gentoo.org/proj/mysql.git/commit/?id=3007cfdf

mysql-multilib.eclass: Update security changes from Gentoo repo

Before removing from the Gentoo repo, update this overlay copy in case
we need it again.

 eclass/mysql-multilib.eclass | 35 ++++++++++++++---------------------
 1 file changed, 14 insertions(+), 21 deletions(-)

diff --git a/eclass/mysql-multilib.eclass b/eclass/mysql-multilib.eclass
index 14e1913..3cfdb81 100644
--- a/eclass/mysql-multilib.eclass
+++ b/eclass/mysql-multilib.eclass
@@ -843,14 +843,9 @@ mysql-multilib_pkg_postinst() {
        # Make sure the vars are correctly initialized
        mysql_init_vars
 
-       # Check FEATURES="collision-protect" before removing this
+       # Create log directory securely if it does not exist
        [[ -d "${ROOT}${MY_LOGDIR}" ]] || install -d -m0750 -o mysql -g mysql 
"${ROOT}${MY_LOGDIR}"
 
-       # Secure the logfiles
-       touch "${ROOT}${MY_LOGDIR}"/mysql.{log,err}
-       chown mysql:mysql "${ROOT}${MY_LOGDIR}"/mysql*
-       chmod 0660 "${ROOT}${MY_LOGDIR}"/mysql*
-
        # Minimal builds don't have the MySQL server
        if use_if_iuse minimal ; then
                :
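Review bot: The replacement comment above the `install -d` line does not record why the log-file `touch`/`chown`/`chmod` block was dropped, which is the security-relevant part of this hunk. Because `${ROOT}${MY_LOGDIR}` is created owned by mysql, a privileged `chown`/`chmod` on `mysql*` inside it would act on paths that account controls. I would state that in the comment, e.g. `# Never touch/chown/chmod files inside: the directory is mysql-writable and this phase presumably runs as root`. The unchanged `install -d` line also has no failure handling and leaves an existing directory's owner and mode as found, so "securely" holds only for a freshly created directory. mysql-multilib_pkg_postinst starts and ends outside the hunk.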
@@ -1049,7 +1044,7 @@ mysql-multilib_pkg_config() {
        ${EROOT}/usr/sbin/mysqld --verbose --help >"${helpfile}" 2>/dev/null
        for opt in grant-tables host-cache name-resolve networking slave-start \
                federated ssl log-bin relay-log slow-query-log external-locking 
\
-               ndbcluster log-slave-updates \
+               ndbcluster log-slave-updates wsrep-on \
                ; do
                optexp="--(skip-)?${opt}" optfull="--loose-skip-${opt}"
                egrep -sq -- "${optexp}" "${helpfile}" && options="${options} 
${optfull}"
@@ -1058,8 +1053,6 @@ mysql-multilib_pkg_config() {
        egrep -sq external-locking "${helpfile}" && \
        options="${options/skip-locking/skip-external-locking}"
 
-       use prefix || options="${options} --user=mysql"
-
        # MySQL 5.6+ needs InnoDB
        if [[ ${PN} == "mysql" || ${PN} == "percona-server" ]] ; then
                mysql_version_is_at_least "5.6" || options="${options} 
--loose-skip-innodb"
@@ -1068,18 +1061,16 @@ mysql-multilib_pkg_config() {
        einfo "Creating the mysql database and setting proper permissions on it 
..."
 
        # Now that /var/run is a tmpfs mount point, we need to ensure it exists 
before using it
-       PID_DIR="${EROOT}/var/run/mysqld"
+       local PID_DIR="${EROOT}/var/run/mysqld"
        if [[ ! -d "${PID_DIR}" ]]; then
-               mkdir -p "${PID_DIR}" || die "Could not create pid directory"
-               chown mysql:mysql "${PID_DIR}" || die "Could not set ownership 
on pid directory"
-               chmod 755 "${PID_DIR}" || die "Could not set permissions on pid 
directory"
+               install -d -m 755 -o mysql -g mysql "${PID_DIR}" || die "Could 
not create pid directory"
        fi
 
-       pushd "${TMPDIR}" &>/dev/null
+       if [[ ! -d "${MY_DATADIR}" ]]; then
+               install -d -m 750 -o mysql -g mysql "${MY_DATADIR}" || die 
"Could not create data directory"
+       fi
 
-       # Filling timezones, see
-       # http://dev.mysql.com/doc/mysql/en/time-zone-support.html
-       "${EROOT}/usr/bin/mysql_tzinfo_to_sql" "${EROOT}/usr/share/zoneinfo" > 
"${sqltmp}" 2>/dev/null
+       pushd "${TMPDIR}" &>/dev/null || die
 
        local cmd
        local initialize_options
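Review bot: The new data-directory guard tests and creates `${MY_DATADIR}` without the `${ROOT}` prefix, while the `--datadir=${ROOT}/${MY_DATADIR}` argument and the `user.frm` check in the next hunk both use `${ROOT}/${MY_DATADIR}`. With a non-default ROOT the directory would be created outside the target root and the one actually used would not be prepared; I would write `if [[ ! -d "${ROOT}/${MY_DATADIR}" ]]; then` and `install -d -m 750 -o mysql -g mysql "${ROOT}/${MY_DATADIR}" || die "Could not create data directory"`. Since the recursive `chown` is removed later in this commit, an existing data directory not owned by mysql is left as is and initialization as the mysql user would presumably fail, so an explicit ownership check with a clear `die` message would help. pkg_config's body starts and ends outside the hunk.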
@@ -1098,17 +1089,19 @@ mysql-multilib_pkg_config() {
        fi
        cmd="'$cmd' '--basedir=${EPREFIX}/usr' ${options} 
'--datadir=${ROOT}/${MY_DATADIR}' '--tmpdir=${ROOT}/${MYSQL_TMPDIR}' 
${initialize_options}"
        einfo "Command: $cmd"
-       eval $cmd \
+       su -s /bin/sh -c "${cmd}" mysql \
                >"${TMPDIR}"/mysql_install_db.log 2>&1
        if [ $? -ne 0 ]; then
                grep -B5 -A999 -i "ERROR" "${TMPDIR}"/mysql_install_db.log 1>&2
                die "Failed to initialize mysqld. Please review 
${EPREFIX}/var/log/mysql/mysqld.err AND ${TMPDIR}/mysql_install_db.log"
        fi
-       popd &>/dev/null
+       popd &>/dev/null || die
        [[ -f "${ROOT}/${MY_DATADIR}/mysql/user.frm" ]] \
        || die "MySQL databases not installed"
-       chown -R mysql:mysql "${ROOT}/${MY_DATADIR}" 2>/dev/null
-       chmod 0750 "${ROOT}/${MY_DATADIR}" 2>/dev/null
+
+       # Filling timezones, see
+       # http://dev.mysql.com/doc/mysql/en/time-zone-support.html
+       "${EROOT}/usr/bin/mysql_tzinfo_to_sql" "${EROOT}/usr/share/zoneinfo" > 
"${sqltmp}" 2>/dev/null
 
        local socket="${EROOT}/var/run/mysqld/mysqld${RANDOM}.sock"
        local pidfile="${EROOT}/var/run/mysqld/mysqld${RANDOM}.pid"
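Review bot: The `su -s /bin/sh -c "${cmd}" mysql` line runs unconditionally, although the `use prefix || options="${options} --user=mysql"` line removed earlier in this commit treated prefix installs as a separate case. A prefix install is presumably run by an unprivileged user who cannot `su` to mysql, so initialization would fail there; keeping a `use prefix` branch that runs the command directly as the invoking user would preserve that case. `${cmd}` is also re-parsed by `/bin/sh`, so the single-quoted `${MY_DATADIR}` and `${MYSQL_TMPDIR}` values must not contain a quote character; a short comment saying so next to the `cmd=` assignment would help. The relocated `mysql_tzinfo_to_sql` call discards stderr and has no `|| die`, so a failure to fill `${sqltmp}` goes unnoticed at this point. pkg_config's body starts and ends outside the hunk.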
