Bug#843534: akonadi-server: Workarounds don't work

2016-11-10 Thread Norvald H. Ryeng 
Thanks for the strace and logs!

It looks very much like the OS is refusing the MySQL daemon access to
the config file and datadir, even though the user can read them. Are
you perhaps using SELinux or apparmor? If you are, dmesg should tell
you what's going on.

Regards,

Norvald H. Ryeng

Bug#843534: akonadi-server: Workarounds don't work

2016-11-10 Thread Sandro Knauß 
Forwarding issue to pkg-mysql-maint as requested by Robie Basak. If there are 
any questions, feel free to ask.

Hey,

I have no glue why mysql refuses to start. Did you tried to copy the data dir 
to tmp and try again?

Maybe mysql maintainer can help here, why mysqld doesn't want to start.
mysqld tells us, that the defaults-file and data dir is not accessable anymore 
with the new version. But if we use ls to show file permissions it tells us, 
that the permissions are okay (644/755).
The background is, that akonadi starts an mysqld with datadir= /home/
/.local/share/akonadi/db_data/
as . 

You can see the complete mysql.cnf in the bugreport https://bugs.debian.org/
cgi-bin/bugreport.cgi?bug=843534#55 (Test 8)

Best Regards,

sandro

--
Am Donnerstag, 10. November 2016, 13:33:44 CET schrieb Johannes Ranke:
> OK, good idea, this gets me a bit further:
> 
> USERNAME@HOST:~/.local/share/akonadi$ /usr/sbin/mysqld --defaults-
> file=/tmp/mysql.conf --datadir=/home/USERNAME/.local/share/akonadi/db_data/
> -- socket=/tmp/akonadi-USERNAME.gzrNgH/mysql.socket
> 161110 13:28:37 [Warning] Insecure configuration for --secure-file-priv:
> Current value does not restrict location of generated files. Consider
> setting it to a valid, non-empty path.
> 161110 13:28:37 [Note] /usr/sbin/mysqld (mysqld 5.5.53-0+deb8u1) starting as
> process 2783 ...
> 161110 13:28:37 [Warning] Can't create test file
> /home/USERNAME/.local/share/akonadi/db_data/HOST.lower-test
> 161110 13:28:37 [Warning] Can't create test file
> /home/USERNAME/.local/share/akonadi/db_data/HOST.lower-test
> 161110 13:28:37 [Note] Plugin 'FEDERATED' is disabled.
> 161110 13:28:37 InnoDB: The InnoDB memory heap is disabled
> 161110 13:28:37 InnoDB: Mutexes and rw_locks use GCC atomic builtins
> 161110 13:28:37 InnoDB: Compressed tables use zlib 1.2.8
> 161110 13:28:37 InnoDB: Using Linux native AIO
> 161110 13:28:37 InnoDB: Initializing buffer pool, size = 80.0M
> 161110 13:28:37 InnoDB: Completed initialization of buffer pool
> 161110 13:28:37  InnoDB: Operating system error number 13 in a file
> operation. InnoDB: The error means mysqld does not have the access rights
> to
> InnoDB: the directory.
> InnoDB: File name ./ibdata1
> InnoDB: File operation call: 'open'.
> InnoDB: Cannot continue operation.
> 
> It seems that the path to the datadir is also restricted, as this directory
> is also writeable by USERNAME...
> 
> I see this as a bug in mysql, especially as it is not described in the
> changelog, any other opinions on that?
> 
> Cheers, Johannes
> 
> Am Donnerstag, 10. November 2016, 13:07:40 schrieb Sandro Knauß:
> > Hey,
> > 
> > just try tp copy the file to /tmp/ and than try to start the server?
> > 
> > /usr/sbin/mysqld --defaults-file=/tmp/mysql.conf --datadir=[...]
> > 
> > maybe you have strange permission in one folder?
> > 
> > But mysqld is runas normal  so if this user can read the file
> > this should be enough. Does 5.5.23 somehow also limit the paths to load
> > defaults- file from? Doesn't seems so from changelog
> > 
> > https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html
> > 
> > Best regards,
> > 
> > sandro
> > 
> > --
> > 
> > Am Donnerstag, 10. November 2016, 12:51:59 CET schrieb Johannes Ranke:
> > > When I run the same command using strace, I get
> > > 
> > > ...
> > > 
> > > getcwd("/home/USERNAME/.local/share/akonadi", 510) = 34
> > > stat("/home/USERNAME/.local/share/akonadi/mysql.conf",
> > > {st_mode=S_IFREG|0644, st_size=3486, ...}) = 0
> > > open("/home/USERNAME/.local/share/akonadi/mysql.conf", O_RDONLY) = -1
> > > EACCES (Permission denied)
> > > write(2, "Could not open required defaults"..., 84Could not open
> > > required
> > > defaults file: /home/USERNAME/.local/share/akonadi/mysql.conf
> > > ) = 84
> > > write(2, "Fatal error in defaults handling"..., 50Fatal error in
> > > defaults
> > > handling. Program aborted
> > > ) = 50
> > > exit_group(1)   = ?
> > > +++ exited with 1 +++



signature.asc
Description: This is a digitally signed message part.

Bug#843534: akonadi-server: Workarounds don't work

2016-11-10 Thread Sandro Knauß 
Hey,

I have no glue why mysql refuses to start. Did you tried to copy the data dir 
to tmp and try again?

Maybe mysql maintainer can help here, why mysqld doesn't want to start.
mysqld tells us, that the defaults-file and data dir is not accessable anymore 
with the new version. But if we use ls to show file permissions it tells us, 
that the permissions are okay (644/755).
The background is, that akonadi starts an mysqld with datadir= /home/
/.local/share/akonadi/db_data/
as . 

You can see the complete mysql.cnf in the bugreport https://bugs.debian.org/
cgi-bin/bugreport.cgi?bug=843534#55 (Test 8)

Best Regards,

sandro

--
Am Donnerstag, 10. November 2016, 13:33:44 CET schrieb Johannes Ranke:
> OK, good idea, this gets me a bit further:
> 
> USERNAME@HOST:~/.local/share/akonadi$ /usr/sbin/mysqld --defaults-
> file=/tmp/mysql.conf --datadir=/home/USERNAME/.local/share/akonadi/db_data/
> -- socket=/tmp/akonadi-USERNAME.gzrNgH/mysql.socket
> 161110 13:28:37 [Warning] Insecure configuration for --secure-file-priv:
> Current value does not restrict location of generated files. Consider
> setting it to a valid, non-empty path.
> 161110 13:28:37 [Note] /usr/sbin/mysqld (mysqld 5.5.53-0+deb8u1) starting as
> process 2783 ...
> 161110 13:28:37 [Warning] Can't create test file
> /home/USERNAME/.local/share/akonadi/db_data/HOST.lower-test
> 161110 13:28:37 [Warning] Can't create test file
> /home/USERNAME/.local/share/akonadi/db_data/HOST.lower-test
> 161110 13:28:37 [Note] Plugin 'FEDERATED' is disabled.
> 161110 13:28:37 InnoDB: The InnoDB memory heap is disabled
> 161110 13:28:37 InnoDB: Mutexes and rw_locks use GCC atomic builtins
> 161110 13:28:37 InnoDB: Compressed tables use zlib 1.2.8
> 161110 13:28:37 InnoDB: Using Linux native AIO
> 161110 13:28:37 InnoDB: Initializing buffer pool, size = 80.0M
> 161110 13:28:37 InnoDB: Completed initialization of buffer pool
> 161110 13:28:37  InnoDB: Operating system error number 13 in a file
> operation. InnoDB: The error means mysqld does not have the access rights
> to
> InnoDB: the directory.
> InnoDB: File name ./ibdata1
> InnoDB: File operation call: 'open'.
> InnoDB: Cannot continue operation.
> 
> It seems that the path to the datadir is also restricted, as this directory
> is also writeable by USERNAME...
> 
> I see this as a bug in mysql, especially as it is not described in the
> changelog, any other opinions on that?
> 
> Cheers, Johannes
> 
> Am Donnerstag, 10. November 2016, 13:07:40 schrieb Sandro Knauß:
> > Hey,
> > 
> > just try tp copy the file to /tmp/ and than try to start the server?
> > 
> > /usr/sbin/mysqld --defaults-file=/tmp/mysql.conf --datadir=[...]
> > 
> > maybe you have strange permission in one folder?
> > 
> > But mysqld is runas normal  so if this user can read the file
> > this should be enough. Does 5.5.23 somehow also limit the paths to load
> > defaults- file from? Doesn't seems so from changelog
> > 
> > https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html
> > 
> > Best regards,
> > 
> > sandro
> > 
> > --
> > 
> > Am Donnerstag, 10. November 2016, 12:51:59 CET schrieb Johannes Ranke:
> > > When I run the same command using strace, I get
> > > 
> > > ...
> > > 
> > > getcwd("/home/USERNAME/.local/share/akonadi", 510) = 34
> > > stat("/home/USERNAME/.local/share/akonadi/mysql.conf",
> > > {st_mode=S_IFREG|0644, st_size=3486, ...}) = 0
> > > open("/home/USERNAME/.local/share/akonadi/mysql.conf", O_RDONLY) = -1
> > > EACCES (Permission denied)
> > > write(2, "Could not open required defaults"..., 84Could not open
> > > required
> > > defaults file: /home/USERNAME/.local/share/akonadi/mysql.conf
> > > ) = 84
> > > write(2, "Fatal error in defaults handling"..., 50Fatal error in
> > > defaults
> > > handling. Program aborted
> > > ) = 50
> > > exit_group(1)   = ?
> > > +++ exited with 1 +++



signature.asc
Description: This is a digitally signed message part.

Bug#843534: akonadi-server: Workarounds don't work

2016-11-10 Thread Johannes Ranke 
OK, good idea, this gets me a bit further:

USERNAME@HOST:~/.local/share/akonadi$ /usr/sbin/mysqld --defaults-
file=/tmp/mysql.conf --datadir=/home/USERNAME/.local/share/akonadi/db_data/ --
socket=/tmp/akonadi-USERNAME.gzrNgH/mysql.socket
161110 13:28:37 [Warning] Insecure configuration for --secure-file-priv: 
Current 
value does not restrict location of generated files. Consider setting it to a 
valid, non-empty path.
161110 13:28:37 [Note] /usr/sbin/mysqld (mysqld 5.5.53-0+deb8u1) starting as 
process 2783 ...
161110 13:28:37 [Warning] Can't create test file 
/home/USERNAME/.local/share/akonadi/db_data/HOST.lower-test
161110 13:28:37 [Warning] Can't create test file 
/home/USERNAME/.local/share/akonadi/db_data/HOST.lower-test
161110 13:28:37 [Note] Plugin 'FEDERATED' is disabled.
161110 13:28:37 InnoDB: The InnoDB memory heap is disabled
161110 13:28:37 InnoDB: Mutexes and rw_locks use GCC atomic builtins
161110 13:28:37 InnoDB: Compressed tables use zlib 1.2.8
161110 13:28:37 InnoDB: Using Linux native AIO
161110 13:28:37 InnoDB: Initializing buffer pool, size = 80.0M
161110 13:28:37 InnoDB: Completed initialization of buffer pool
161110 13:28:37  InnoDB: Operating system error number 13 in a file operation.
InnoDB: The error means mysqld does not have the access rights to
InnoDB: the directory.
InnoDB: File name ./ibdata1
InnoDB: File operation call: 'open'.
InnoDB: Cannot continue operation.

It seems that the path to the datadir is also restricted, as this directory is 
also writeable by USERNAME...

I see this as a bug in mysql, especially as it is not described in the 
changelog, any other opinions on that?

Cheers, Johannes

Am Donnerstag, 10. November 2016, 13:07:40 schrieb Sandro Knauß:
> Hey,
> 
> just try tp copy the file to /tmp/ and than try to start the server?
> 
> /usr/sbin/mysqld --defaults-file=/tmp/mysql.conf --datadir=[...]
> 
> maybe you have strange permission in one folder?
> 
> But mysqld is runas normal  so if this user can read the file this
> should be enough. Does 5.5.23 somehow also limit the paths to load
> defaults- file from? Doesn't seems so from changelog
> 
> https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html
> 
> Best regards,
> 
> sandro
> 
> --
> 
> Am Donnerstag, 10. November 2016, 12:51:59 CET schrieb Johannes Ranke:
> > When I run the same command using strace, I get
> > 
> > ...
> > 
> > getcwd("/home/USERNAME/.local/share/akonadi", 510) = 34
> > stat("/home/USERNAME/.local/share/akonadi/mysql.conf",
> > {st_mode=S_IFREG|0644, st_size=3486, ...}) = 0
> > open("/home/USERNAME/.local/share/akonadi/mysql.conf", O_RDONLY) = -1
> > EACCES (Permission denied)
> > write(2, "Could not open required defaults"..., 84Could not open required
> > defaults file: /home/USERNAME/.local/share/akonadi/mysql.conf
> > ) = 84
> > write(2, "Fatal error in defaults handling"..., 50Fatal error in defaults
> > handling. Program aborted
> > ) = 50
> > exit_group(1)   = ?
> > +++ exited with 1 +++
-- 
PD Dr. Johannes Ranke
Kronacher Str. 12
79639 Grenzach-Wyhlen

signature.asc
Description: This is a digitally signed message part.

Bug#843534: akonadi-server: Workarounds don't work

2016-11-10 Thread Sandro Knauß 
Hey,

just try tp copy the file to /tmp/ and than try to start the server?

/usr/sbin/mysqld --defaults-file=/tmp/mysql.conf --datadir=[...]

maybe you have strange permission in one folder?

But mysqld is runas normal  so if this user can read the file this 
should be enough. Does 5.5.23 somehow also limit the paths to load defaults-
file from? Doesn't seems so from changelog

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-53.html

Best regards,

sandro

--
Am Donnerstag, 10. November 2016, 12:51:59 CET schrieb Johannes Ranke:
> When I run the same command using strace, I get
> 
> ...
> 
> getcwd("/home/USERNAME/.local/share/akonadi", 510) = 34
> stat("/home/USERNAME/.local/share/akonadi/mysql.conf",
> {st_mode=S_IFREG|0644, st_size=3486, ...}) = 0
> open("/home/USERNAME/.local/share/akonadi/mysql.conf", O_RDONLY) = -1 EACCES
> (Permission denied)
> write(2, "Could not open required defaults"..., 84Could not open required
> defaults file: /home/USERNAME/.local/share/akonadi/mysql.conf
> ) = 84
> write(2, "Fatal error in defaults handling"..., 50Fatal error in defaults
> handling. Program aborted
> ) = 50
> exit_group(1)   = ?
> +++ exited with 1 +++



signature.asc
Description: This is a digitally signed message part.

Bug#843534: akonadi-server: Workarounds don't work

2016-11-10 Thread Johannes Ranke 
When I run the same command using strace, I get

...

getcwd("/home/USERNAME/.local/share/akonadi", 510) = 34
stat("/home/USERNAME/.local/share/akonadi/mysql.conf", {st_mode=S_IFREG|0644, 
st_size=3486, ...}) = 0
open("/home/USERNAME/.local/share/akonadi/mysql.conf", O_RDONLY) = -1 EACCES 
(Permission denied)
write(2, "Could not open required defaults"..., 84Could not open required 
defaults file: /home/USERNAME/.local/share/akonadi/mysql.conf
) = 84
write(2, "Fatal error in defaults handling"..., 50Fatal error in defaults 
handling. Program aborted
) = 50
exit_group(1)   = ?
+++ exited with 1 +++


signature.asc
Description: This is a digitally signed message part.

Bug#843534: akonadi-server: Workarounds don't work

2016-11-10 Thread Johannes Ranke 
Also, when I do 

  su mysql

I can read the file without problems, e.g. cat mysql.conf works.

signature.asc
Description: This is a digitally signed message part.

Bug#843534: akonadi-server: Workarounds don't work

2016-11-10 Thread Sandro Knauß 
Hello,

> Test 14:  ERROR
> 
> 
> Current Akonadi server error log found.
> Details: The Akonadi server reported errors during its current startup. The
> log can be found in  href='/home/USERNAME/.local/share/akonadi/akonadiserver.error'>/home/USERNA
> ME/.local/share/akonadi/akonadiserver.error.
> 
> File content of '/home/USERNAME/.local/share/akonadi/akonadiserver.error':
> Database process exited unexpectedly during initial connection!
> executable: "/usr/sbin/mysqld"
> arguments:
> ("--defaults-file=/home/USERNAME/.local/share/akonadi/mysql.conf",
> "--datadir=/home/USERNAME/.local/share/akonadi/db_data/",
> "--socket=/tmp/akonadi-USERNAME.gzrNgH/mysql.socket") stdout: ""
> stderr: "Could not open required defaults file:
> /home/USERNAME/.local/share/akonadi/mysql.conf Fatal error in defaults
> handling. Program aborted
> "
> exit code: 1

This looks like, that mysqld can't read your .local/share/akonadi/mysql.conf 
file and fails, because of that. Please make sure, that this file exists and 
have at least read permissions for the user. Can you post a ls -ls 
/home/USERNAME/.local/share/akonadi/

and try to start mysqld by hand?
/usr/sbin/mysqld --defaults-file=/home/USERNAME/.local/share/akonadi/mysql.conf 
--datadir=/home/USERNAME/.local/share/akonadi/db_data/ 
--socket=/tmp/akonadi-USERNAME.gzrNgH/mysql.socket

to stop it again if it starts up:
mysqladmin --defaults-file=/home/USERNAME/.local/share/akonadi/mysql.conf  
--socket=/tmp/akonadi-USERNAME.gzrNgH/mysql.socket shutdown

(you need to add defaults-file and socket parameter of the start command)

Best Regards,

sandro

signature.asc
Description: This is a digitally signed message part.

Bug#843534: akonadi-server: Workarounds don't work

2016-11-09 Thread Johannes Ranke 
Package: akonadi-server
Version: 1.13.0-2+deb8u1
Followup-For: Bug #843534

I have added "secure_file_priv=" to ~/.local/share/akonadi/mysql.conf as
suggested in the original bug report. This did not help. I also added
this instruction to /etc/akonadi/mysql-global.conf.

Finally, I have created the directory in question manually using these
commands

  mkdir -m700 /var/lib/mysql-files
  chown mysql:mysql /var/lib/mysql-files

Nevertheless, akonadi still crashes when starting kmail or when issuing
akonadictl start, so kmail is unusable on this machine at the moment
while it was fully functional two days ago.

The report given by the akonadi selftest follows after the system
information. Any hints are welcome.


-- System Information:
Debian Release: 8.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages akonadi-server depends on:
ii  akonadi-backend-mysql   1.13.0-2+deb8u1
ii  libakonadiprotocolinternals11.13.0-2+deb8u1
ii  libboost-program-options1.55.0  1.55.0+dfsg-3
ii  libc6   2.19-18+deb8u6
ii  libgcc1 1:4.9.2-10
ii  libqt4-dbus 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqt4-network  4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqt4-sql  4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqt4-xml  4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqtcore4  4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libqtgui4   4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
ii  libstdc++6  4.9.2-10

akonadi-server recommends no packages.

Versions of packages akonadi-server suggests:
ii  akonadi-backend-mysql   1.13.0-2+deb8u1
pn  akonadi-backend-postgresql  
pn  akonadi-backend-sqlite  

-- no debconf information

--


Akonadi Server Self-Test Report
===

Test 1:  SUCCESS


Database driver found.
Details: The QtSQL driver 'QMYSQL' is required by your current Akonadi server 
configuration and was found on your system.

File content of '/home/USERNAME/.config/akonadi/akonadiserverrc':
[%General]
Driver=QMYSQL

[QMYSQL]
Name=akonadi
Host=
Options="UNIX_SOCKET=/tmp/akonadi-USERNAME.gzrNgH/mysql.socket"
ServerPath=/usr/sbin/mysqld
StartServer=true

[Debug]
Tracer=null


Test 2:  SUCCESS


Akonadi is not running as root
Details: Akonadi is not running as a root/administrator user, which is the 
recommended setup for a secure system.

Test 3:  SUCCESS


MySQL server found.
Details: You have currently configured Akonadi to use the MySQL server 
'/usr/sbin/mysqld'.
Make sure you have the MySQL server installed, set the correct path and ensure 
you have the necessary read and execution rights on the server executable. The 
server executable is typically called 'mysqld'; its location varies depending 
on the distribution.

Test 4:  SUCCESS


MySQL server is executable.
Details: MySQL server found: 161109 18:42:51 [Warning] Using unique option 
prefix key_buffer instead of key_buffer_size is deprecated and will be removed 
in a future release. Please use the full name instead.
/usr/sbin/mysqld  Ver 5.5.53-0+deb8u1 for debian-linux-gnu on x86_64 ((Debian))


Test 5:  SUCCESS


No current MySQL error log found.
Details: The MySQL server did not report any errors during this startup. The 
log can be found in '/home/USERNAME/.local/share/akonadi/db_data/mysql.err'.

Test 6:  SUCCESS


MySQL server default configuration found.
Details: The default configuration for the MySQL server was found and is 
readable at /etc/akonadi/mysql-global.conf.

File content of '/etc/akonadi/mysql-global.conf':
#
# Global Akonadi MySQL server settings,
# These settings can be adjusted using $HOME/.config/akonadi/mysql-local.conf
#
# Based on advice by Kris Köhntopp 
#
[mysqld]

# strict query parsing/interpretation
# TODO: make Akonadi work with those settings enabled
# 
sql_mode=strict_trans_tables,strict_all_tables,strict_error_for_division_by_zero,no_auto_create_user,no_auto_value_on_zero,no_engine_substitution,no_zero_date,no_zero_in_date,only_full_group_by,pipes_as_concat
# sql_mode=strict_trans_tables

# DEBUGGING:
# log all queries, useful for debugging but generates an enormous amount of data
# log=mysql.full
# log queries slower than n seconds, log file name relative to datadir (for 
debugging only)
# log_slow_queries=mysql.slow
# long_query_time=1
# log queries not using indices, debug only, disable for production use
# log_queries_not_using_indexes=1
#
# mesure database size and adjust innodb_buffer_pool_size
# SELECT sum(data_length) as bla, sum(index_length) as blub FROM