Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sync MySQL entrypoint changes #271

Merged
merged 1 commit into from
Nov 12, 2019
Merged

Conversation

yosifkit
Copy link
Contributor

@yosifkit yosifkit commented Nov 1, 2019

especially for docker-library/mysql#471

MariaDB changes:
--- ../mysql/8.0/docker-entrypoint.sh	2019-10-31 16:13:59.806906074 -0700
+++ docker-entrypoint.sh	2019-10-31 16:53:32.767350232 -0700
@@ -68,7 +68,7 @@
 }
 
 mysql_check_config() {
-	local toRun=( "$@" --verbose --help ) errors
+	local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
 	if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
 		mysql_error $'mysqld failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors"
 	fi
@@ -86,30 +86,23 @@
 
 # Do a temporary startup of the MySQL server, for init purposes
 docker_temp_server_start() {
-	if [ "${MYSQL_MAJOR}" = '5.6' ] || [ "${MYSQL_MAJOR}" = '5.7' ]; then
-		"$@" --skip-networking --socket="${SOCKET}" &
-		mysql_note "Waiting for server startup"
-		local i
-		for i in {30..0}; do
-			# only use the root password if the database has already been initializaed
-			# so that it won't try to fill in a password file when it hasn't been set yet
-			extraArgs=()
-			if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
-				extraArgs+=( '--dont-use-mysql-root-password' )
-			fi
-			if docker_process_sql "${extraArgs[@]}" --database=mysql <<<'SELECT 1' &> /dev/null; then
-				break
-			fi
-			sleep 1
-		done
-		if [ "$i" = 0 ]; then
-			mysql_error "Unable to start server."
+	"$@" --skip-networking --socket="${SOCKET}" &
+	mysql_note "Waiting for server startup"
+	local i
+	for i in {30..0}; do
+		# only use the root password if the database has already been initializaed
+		# so that it won't try to fill in a password file when it hasn't been set yet
+		extraArgs=()
+		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+			extraArgs+=( '--dont-use-mysql-root-password' )
 		fi
-	else
-		# For 5.7+ the server is ready for use as soon as startup command unblocks
-		if ! "$@" --daemonize --skip-networking --socket="${SOCKET}"; then
-			mysql_error "Unable to start server."
+		if docker_process_sql "${extraArgs[@]}" --database=mysql <<<'SELECT 1' &> /dev/null; then
+			break
 		fi
+		sleep 1
+	done
+	if [ "$i" = 0 ]; then
+		mysql_error "Unable to start server."
 	fi
 }
 
@@ -146,19 +139,16 @@
 # initializes the database directory
 docker_init_database_dir() {
 	mysql_note "Initializing database files"
-	if [ "$MYSQL_MAJOR" = '5.6' ]; then
-		mysql_install_db --datadir="$DATADIR" --rpm --keep-my-cnf "${@:2}"
-	else
-		"$@" --initialize-insecure
+	installArgs=( --datadir="$DATADIR" --rpm )
+	if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
+		# beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
+		# see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
+		# (this flag doesn't exist in 10.0 and below)
+		installArgs+=( --auth-root-authentication-method=normal )
 	fi
+	# "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+	mysql_install_db "${installArgs[@]}" "${@:2}"
 	mysql_note "Database files initialized"
-
-	if command -v mysql_ssl_rsa_setup > /dev/null && [ ! -e "$DATADIR/server-key.pem" ]; then
-		# https://github.com/mysql/mysql-server/blob/23032807537d8dd8ee4ec1c4d40f0633cd4e12f9/packaging/deb-in/extra/mysql-systemd-start#L81-L84
-		mysql_note "Initializing certificates"
-		mysql_ssl_rsa_setup --datadir="$DATADIR"
-		mysql_note "Certificates initialized"
-	fi
 }
 
 # Loads various settings that are used elsewhere in the script
@@ -227,34 +217,18 @@
 		EOSQL
 	fi
 
-	local passwordSet=
-	if [ "$MYSQL_MAJOR" = '5.6' ]; then
-		# no, we don't care if read finds a terminating character in this heredoc (see above)
-		read -r -d '' passwordSet <<-EOSQL || true
-			DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
-			SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
-
-			-- 5.5: https://github.com/mysql/mysql-server/blob/e48d775c6f066add457fa8cfb2ebc4d5ff0c7613/scripts/mysql_secure_installation.sh#L192-L210
-			-- 5.6: https://github.com/mysql/mysql-server/blob/06bc670db0c0e45b3ea11409382a5c315961f682/scripts/mysql_secure_installation.sh#L218-L236
-			-- 5.7: https://github.com/mysql/mysql-server/blob/913071c0b16cc03e703308250d795bc381627e37/client/mysql_secure_installation.cc#L792-L818
-			-- 8.0: https://github.com/mysql/mysql-server/blob/b93c1661d689c8b7decc7563ba15f6ed140a4eb6/client/mysql_secure_installation.cc#L726-L749
-			DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
-			-- https://github.com/docker-library/mysql/pull/479#issuecomment-414561272 ("This is only needed for 5.5 and 5.6")
-		EOSQL
-	else
-		# no, we don't care if read finds a terminating character in this heredoc (see above)
-		read -r -d '' passwordSet <<-EOSQL || true
-			ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
-		EOSQL
-	fi
-
 	# tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set
 	docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL
 		-- What's done in this file shouldn't be replicated
 		--  or products like mysql-fabric won't work
 		SET @@SESSION.SQL_LOG_BIN=0;
 
-		${passwordSet}
+		DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+		SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+		-- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365
+		-- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369
+		DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
+
 		GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
 		FLUSH PRIVILEGES ;
 		${rootCreate}
@@ -292,16 +266,6 @@
 	fi
 }
 
-# Mark root user as expired so the password must be changed before anything
-# else can be done (only supported for 5.6+)
-mysql_expire_root_user() {
-	if [ -n "$MYSQL_ONETIME_PASSWORD" ]; then
-		docker_process_sql --database=mysql <<-EOSQL
-			ALTER USER 'root'@'%' PASSWORD EXPIRE;
-		EOSQL
-	fi
-}
-
 # check arguments for an option that would cause mysqld to stop
 # return true if there is one
 _mysql_want_help() {
@@ -349,8 +313,6 @@
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 
-			mysql_expire_root_user
-
 			mysql_note "Stopping temporary server"
 			docker_temp_server_stop
 			mysql_note "Temporary server stopped"

Related to docker-library/postgres#496

@yosifkit
Copy link
Contributor Author

--ignore-all-space diff to MySQL 8.0:
diff --git a/../mysql/8.0/docker-entrypoint.sh b/./docker-entrypoint.sh
index 6f0f131..77c5d4c 100755
--- a/../mysql/8.0/docker-entrypoint.sh
+++ b/./docker-entrypoint.sh
@@ -68,7 +68,7 @@ docker_process_init_files() {
 }
 
 mysql_check_config() {
-	local toRun=( "$@" --verbose --help ) errors
+	local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors
 	if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
 		mysql_error $'mysqld failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors"
 	fi
@@ -86,7 +86,6 @@ mysql_get_config() {
 
 # Do a temporary startup of the MySQL server, for init purposes
 docker_temp_server_start() {
-	if [ "${MYSQL_MAJOR}" = '5.6' ] || [ "${MYSQL_MAJOR}" = '5.7' ]; then
 	"$@" --skip-networking --socket="${SOCKET}" &
 	mysql_note "Waiting for server startup"
 	local i
@@ -105,12 +104,6 @@ docker_temp_server_start() {
 	if [ "$i" = 0 ]; then
 		mysql_error "Unable to start server."
 	fi
-	else
-		# For 5.7+ the server is ready for use as soon as startup command unblocks
-		if ! "$@" --daemonize --skip-networking --socket="${SOCKET}"; then
-			mysql_error "Unable to start server."
-		fi
-	fi
 }
 
 # Stop the server. When using a local socket file mysqladmin will block until
@@ -146,19 +139,16 @@ docker_create_db_directories() {
 # initializes the database directory
 docker_init_database_dir() {
 	mysql_note "Initializing database files"
-	if [ "$MYSQL_MAJOR" = '5.6' ]; then
-		mysql_install_db --datadir="$DATADIR" --rpm --keep-my-cnf "${@:2}"
-	else
-		"$@" --initialize-insecure
+	installArgs=( --datadir="$DATADIR" --rpm )
+	if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then
+		# beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
+		# see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
+		# (this flag doesn't exist in 10.0 and below)
+		installArgs+=( --auth-root-authentication-method=normal )
 	fi
+	# "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+	mysql_install_db "${installArgs[@]}" "${@:2}"
 	mysql_note "Database files initialized"
-
-	if command -v mysql_ssl_rsa_setup > /dev/null && [ ! -e "$DATADIR/server-key.pem" ]; then
-		# https://github.com/mysql/mysql-server/blob/23032807537d8dd8ee4ec1c4d40f0633cd4e12f9/packaging/deb-in/extra/mysql-systemd-start#L81-L84
-		mysql_note "Initializing certificates"
-		mysql_ssl_rsa_setup --datadir="$DATADIR"
-		mysql_note "Certificates initialized"
-	fi
 }
 
 # Loads various settings that are used elsewhere in the script
@@ -227,34 +217,18 @@ docker_setup_db() {
 		EOSQL
 	fi
 
-	local passwordSet=
-	if [ "$MYSQL_MAJOR" = '5.6' ]; then
-		# no, we don't care if read finds a terminating character in this heredoc (see above)
-		read -r -d '' passwordSet <<-EOSQL || true
-			DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
-			SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
-
-			-- 5.5: https://github.com/mysql/mysql-server/blob/e48d775c6f066add457fa8cfb2ebc4d5ff0c7613/scripts/mysql_secure_installation.sh#L192-L210
-			-- 5.6: https://github.com/mysql/mysql-server/blob/06bc670db0c0e45b3ea11409382a5c315961f682/scripts/mysql_secure_installation.sh#L218-L236
-			-- 5.7: https://github.com/mysql/mysql-server/blob/913071c0b16cc03e703308250d795bc381627e37/client/mysql_secure_installation.cc#L792-L818
-			-- 8.0: https://github.com/mysql/mysql-server/blob/b93c1661d689c8b7decc7563ba15f6ed140a4eb6/client/mysql_secure_installation.cc#L726-L749
-			DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
-			-- https://github.com/docker-library/mysql/pull/479#issuecomment-414561272 ("This is only needed for 5.5 and 5.6")
-		EOSQL
-	else
-		# no, we don't care if read finds a terminating character in this heredoc (see above)
-		read -r -d '' passwordSet <<-EOSQL || true
-			ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}' ;
-		EOSQL
-	fi
-
 	# tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is just now being set
 	docker_process_sql --dont-use-mysql-root-password --database=mysql <<-EOSQL
 		-- What's done in this file shouldn't be replicated
 		--  or products like mysql-fabric won't work
 		SET @@SESSION.SQL_LOG_BIN=0;
 
-		${passwordSet}
+		DELETE FROM mysql.user WHERE user NOT IN ('mysql.sys', 'mysqlxsys', 'root') OR host NOT IN ('localhost') ;
+		SET PASSWORD FOR 'root'@'localhost'=PASSWORD('${MYSQL_ROOT_PASSWORD}') ;
+		-- 10.1: https://github.com/MariaDB/server/blob/d925aec1c10cebf6c34825a7de50afe4e630aff4/scripts/mysql_secure_installation.sh#L347-L365
+		-- 10.5: https://github.com/MariaDB/server/blob/00c3a28820c67c37ebbca72691f4897b57f2eed5/scripts/mysql_secure_installation.sh#L351-L369
+		DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%' ;
+
 		GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
 		FLUSH PRIVILEGES ;
 		${rootCreate}
@@ -292,16 +266,6 @@ _mysql_passfile() {
 	fi
 }
 
-# Mark root user as expired so the password must be changed before anything
-# else can be done (only supported for 5.6+)
-mysql_expire_root_user() {
-	if [ -n "$MYSQL_ONETIME_PASSWORD" ]; then
-		docker_process_sql --database=mysql <<-EOSQL
-			ALTER USER 'root'@'%' PASSWORD EXPIRE;
-		EOSQL
-	fi
-}
-
 # check arguments for an option that would cause mysqld to stop
 # return true if there is one
 _mysql_want_help() {
@@ -349,8 +313,6 @@ _main() {
 			docker_setup_db
 			docker_process_init_files /docker-entrypoint-initdb.d/*
 
-			mysql_expire_root_user
-
 			mysql_note "Stopping temporary server"
 			docker_temp_server_stop
 			mysql_note "Temporary server stopped"

@tianon tianon merged commit 3b2e52a into MariaDB:master Nov 12, 2019
@tianon tianon deleted the rsync-with-mysql branch November 12, 2019 22:50
docker-library-bot added a commit to docker-library-bot/official-images that referenced this pull request Nov 12, 2019
Changes:

- MariaDB/mariadb-docker@3b2e52a: Merge pull request MariaDB/mariadb-docker#271 from infosiftr/rsync-with-mysql
hswong3i added a commit to alvistack/docker-mariadb that referenced this pull request Jan 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants