No need for mysql root password (#912)

* Get rid of /etc/yunohost/mysql

* Get rid of restore hook for mysql password

* Tab -> spaces

* declare->local lost while merging conflicts etc

* Gotta keep that var
Alexandre Aubin 2021-03-01 19:11:41 +01:00 committed by GitHub
parent 4a20cf8003
commit d763247df4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 37 additions and 42 deletions


@ -1,7 +1,5 @@
#!/bin/bash #!/bin/bash
MYSQL_ROOT_PWD_FILE=/etc/yunohost/mysql
# Open a connection as a user # Open a connection as a user
# #
# example: ynh_mysql_connect_as --user="user" --password="pass" <<< "UPDATE ...;" # example: ynh_mysql_connect_as --user="user" --password="pass" <<< "UPDATE ...;"
@ -49,8 +47,7 @@ ynh_mysql_execute_as_root() {
database="--database=$database" database="--database=$database"
fi fi
ynh_mysql_connect_as --user="root" --password="$(cat $MYSQL_ROOT_PWD_FILE)" \ mysql -B "$database" <<< "$sql"
$database <<< "$sql"
} }
# Execute a command from a file as root user # Execute a command from a file as root user
@ -75,9 +72,7 @@ ynh_mysql_execute_file_as_root() {
database="--database=$database" database="--database=$database"
fi fi
mysql -B "$database" < "$file"
ynh_mysql_connect_as --user="root" --password="$(cat $MYSQL_ROOT_PWD_FILE)" \
$database < "$file"
} }
# Create a database and grant optionnaly privilegies to a user # Create a database and grant optionnaly privilegies to a user
@ -140,7 +135,7 @@ ynh_mysql_dump_db() {
# Manage arguments with getopts # Manage arguments with getopts
ynh_handle_getopts_args "$@" ynh_handle_getopts_args "$@"
mysqldump --user="root" --password="$(cat $MYSQL_ROOT_PWD_FILE)" --single-transaction --skip-dump-date "$database" mysqldump --single-transaction --skip-dump-date "$database"
} }
# Create a user # Create a user
@ -214,12 +209,13 @@ ynh_mysql_setup_db () {
# Manage arguments with getopts # Manage arguments with getopts
ynh_handle_getopts_args "$@" ynh_handle_getopts_args "$@"
local new_db_pwd=$(ynh_string_random) # Generate a random password # Generate a random password
local new_db_pwd=$(ynh_string_random)
# If $db_pwd is not provided, use new_db_pwd instead for db_pwd # If $db_pwd is not provided, use new_db_pwd instead for db_pwd
db_pwd="${db_pwd:-$new_db_pwd}" db_pwd="${db_pwd:-$new_db_pwd}"
ynh_mysql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database ynh_mysql_create_db "$db_name" "$db_user" "$db_pwd"
ynh_app_setting_set --app=$app --key=mysqlpwd --value=$db_pwd # Store the password in the app's config ynh_app_setting_set --app=$app --key=mysqlpwd --value=$db_pwd
} }
# Remove a database if it exists, and the associated user # Remove a database if it exists, and the associated user
@ -232,16 +228,14 @@ ynh_mysql_setup_db () {
ynh_mysql_remove_db () { ynh_mysql_remove_db () {
# Declare an array to define the options of this helper. # Declare an array to define the options of this helper.
local legacy_args=un local legacy_args=un
local -A args_array=( [u]=db_user= [n]=db_name= ) local -Ar args_array=( [u]=db_user= [n]=db_name= )
local db_user local db_user
local db_name local db_name
# Manage arguments with getopts # Manage arguments with getopts
ynh_handle_getopts_args "$@" ynh_handle_getopts_args "$@"
local mysql_root_password=$(cat $MYSQL_ROOT_PWD_FILE) if mysqlshow | grep -q "^| $db_name "; then
if mysqlshow --user=root --password=$mysql_root_password | grep --quiet "^| $db_name" ynh_mysql_drop_db $db_name
then # Check if the database exists
ynh_mysql_drop_db $db_name # Remove the database
else else
ynh_print_warn --message="Database $db_name not found" ynh_print_warn --message="Database $db_name not found"
fi fi
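Review bot: In ynh_mysql_remove_db, a failing `mysqlshow` cannot be told apart from a missing database: `if mysqlshow | grep -q "^| $db_name "; then` takes the else branch in both cases. A host where socket authentication for root does not work would therefore only get the "Database $db_name not found" warning and keep the database. Since the helpers no longer fall back to a stored password, that case deserves its own error: capture the listing first, e.g. `local db_list; db_list="$(mysqlshow)" || ynh_die --message="Unable to list MySQL databases"`, and grep `$db_list`. `$db_name` is also interpreted as a regular expression in the pattern and passed unquoted in `ynh_mysql_drop_db $db_name`; at least quote the call as `ynh_mysql_drop_db "$db_name"`. The function body ends outside the hunk.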


@ -1,7 +1,6 @@
#!/bin/bash #!/bin/bash
set -e set -e
MYSQL_PKG="$(dpkg --list | sed -ne 's/^ii \(mariadb-server-[[:digit:].]\+\) .*$/\1/p')"
. /usr/share/yunohost/helpers . /usr/share/yunohost/helpers
do_pre_regen() { do_pre_regen() {
@ -20,6 +19,7 @@ do_post_regen() {
# dpkg-reconfigure will initialize mysql (if it ain't already) # dpkg-reconfigure will initialize mysql (if it ain't already)
# It enabled auth_socket for root, so no need to define any root password... # It enabled auth_socket for root, so no need to define any root password...
# c.f. : cat /var/lib/dpkg/info/mariadb-server-10.3.postinst | grep install_db -C3 # c.f. : cat /var/lib/dpkg/info/mariadb-server-10.3.postinst | grep install_db -C3
MYSQL_PKG="$(dpkg --list | sed -ne 's/^ii \(mariadb-server-[[:digit:].]\+\) .*$/\1/p')"
dpkg-reconfigure -freadline -u "$MYSQL_PKG" 2>&1 dpkg-reconfigure -freadline -u "$MYSQL_PKG" 2>&1
systemctl -q is-active mariadb.service \ systemctl -q is-active mariadb.service \
@ -27,17 +27,30 @@ do_post_regen() {
sleep 5 sleep 5
echo "" | mysql && echo "Can't connect to mysql using unix_socket auth ... something went wrong during initial configuration of mysql !?" echo "" | mysql && echo "Can't connect to mysql using unix_socket auth ... something went wrong during initial configuration of mysql !?" >&2
fi fi
if [ ! -e /etc/yunohost/mysql ] # Legacy code to get rid of /etc/yunohost/mysql ...
then # Nowadays, we can simply run mysql while being run as root of unix_socket/auth_socket is enabled...
# Dummy password that's not actually used nor meaningful ... if [ -f /etc/yunohost/mysql ]; then
# (because mysql is supposed to be configured to use unix_socket on new setups)
# but keeping it for legacy # This is a trick to check if we're able to use mysql without password
# until we merge https://github.com/YunoHost/yunohost/pull/912 ... # Expect instances installed in stretch to already have unix_socket
ynh_string_random 10 > /etc/yunohost/mysql #configured, but not old instances from the jessie/wheezy era
chmod 400 /etc/yunohost/mysql if ! echo "" | mysql
then
password="$(cat /etc/yunohost/mysql)"
# Enable plugin unix_socket for root on localhost
mysql -u root -p"$password" <<< "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED WITH unix_socket WITH GRANT OPTION;"
fi
# If now we're able to login without password, drop the mysql password
if echo "" | mysql
then
rm /etc/yunohost/mysql
else
echo "Can't connect to mysql using unix_socket auth ... something went wrong while trying to get rid of mysql password !?" >&2
fi
fi fi
# mysql is supposed to be an alias to mariadb... but in some weird case is not # mysql is supposed to be an alias to mariadb... but in some weird case is not
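Review bot: The socket-auth check in the second hunk is inverted: `echo "" | mysql && echo "Can't connect to mysql using unix_socket auth ..." >&2` prints the error when the connection succeeds and stays silent when it fails, so the `&&` should be `||`. In the legacy block, `mysql -u root -p"$password"` puts the old root password on the command line, where it can appear in the process list while the client starts; passing it through the environment, `MYSQL_PWD="$password" mysql -u root <<< "..."`, avoids that. Because the script runs under `set -e`, a failing GRANT presumably aborts the hook before the "something went wrong while trying to get rid of mysql password" message is reached, so wrapping that call in an explicit `if ! ...; then` would keep the diagnostic. `password` should also be declared `local`, since it holds the root credential for the rest of the function. do_post_regen starts and ends outside these hunks.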


@ -1,5 +0,0 @@
# We don't backup/restore mysql password anymore
# c.f. https://github.com/YunoHost/yunohost/pull/912
# This is a dummy empty file as a workaround for
# https://github.com/YunoHost/issues/issues/1553 until it is fixed


@ -55,18 +55,11 @@ def clean():
for folderpath in glob.glob("/var/www/*%s*" % test_app): for folderpath in glob.glob("/var/www/*%s*" % test_app):
shutil.rmtree(folderpath, ignore_errors=True) shutil.rmtree(folderpath, ignore_errors=True)
os.system( os.system("bash -c \"mysql -B 2>/dev/null <<< 'DROP DATABASE %s' \"" % test_app)
"bash -c \"mysql -u root --password=$(cat /etc/yunohost/mysql) 2>/dev/null <<< 'DROP DATABASE %s' \"" os.system("bash -c \"mysql -B 2>/dev/null <<< 'DROP USER %s@localhost'\"" % test_app)
% test_app
)
os.system(
"bash -c \"mysql -u root --password=$(cat /etc/yunohost/mysql) 2>/dev/null <<< 'DROP USER %s@localhost'\""
% test_app
)
os.system( # Reset failed quota for service to avoid running into start-limit rate ?
"systemctl reset-failed nginx" os.system("systemctl reset-failed nginx")
) # Reset failed quota for service to avoid running into start-limit rate ?
os.system("systemctl start nginx") os.system("systemctl start nginx")
# Clean permissions # Clean permissions