mysqldumpsecure.cnf generation broken by a "&" in mysql pw

[erythro]

ISSUE TYPE

• Bug Report

Checklist

• .env file is attached
• docker-compose.override.yml is attached (if it exists)
• Custom configs from cfg/ dir are attached (if customized)
• docker-compose logs and log/ output is added
• I've looked through the docs: https://devilbox.readthedocs.io/en/latest/
• I've looked through existing issues: https://github.com/cytopia/devilbox/issues
• I've read troubleshooting: https://devilbox.readthedocs.io/en/latest/support/troubleshooting.html

OS / ENVIRONMENT

1. Host operating system and version: Windows
2. (Windows) Native Docker or Docker Toolbox: Native
3. Docker version: 2.0.0
4. Docker Compose version: 1.23.2
5. (Linux) Is SELinux enabled?: n/a
6. What git commit hash are you on?: 4e429a9

SUMMARY

I'm not going to reveal my mysql password, but say it was before&after my mysqldump-secure.cnf would look like this:

host = mysql
port = 3306
user = root
password = beforepassword = "verySecurePasswordWith$%&SpecialChars"after

So running mysqldump-secure.cnf gives an error.

STEPS TO REPRODUCE

Set your mysql password to something containing an "&" character.
I set the mysql password in Heidisql (my sql client), and in the .env config

EXPECTED BEHAVIOUR

/etc/mysqldump-secure.cnf password section set with my password

ACTUAL BEHAVIOUR

/etc/mysqldump-secure.cnf looking the way it does in the summary.

OTHER INFORMATION

Start command

$ docker-compose up -d

[science695]

Hello,

That is likely a problem with mysqldump, and not directly devilbox.

However, you should be able to try a couple things:

• use single quotes 'VerySecurePasswordWith$%&SpecialChars"after'
• backslash the special characters: "VerySecurePasswordWith$%&SpecialChars"after"

[erythro]

Thanks for getting back to me @science695.

I think I might have perhaps been less clear in my original post than I'd have liked.

My example password wasn't VerySecurePasswordWith$%&SpecialChars"after, it was before&after

So my .env file would look like

MYSQL_ROOT_PASSWORD=before&after

and when I set my password to that my /etc/mysqldump-secure.cnf looks like after running docker-compose up -d

host = mysql
port = 3306
user = root
password = beforepassword = "verySecurePasswordWith$%&SpecialChars"after

Escaping attempts

Now, on your suggestion I tried wrapping my password in .env with single quotes, double quotes, and backslash escaping the "&". Here are my results

No quotes and backslash

MYSQL_ROOT_PASSWORD=before\&after

host = mysql
port = 3306
user = root
password = before&after

But mysql doesn't connect! (Failed to connect: Access denied for user 'root'@'172.16.238.10' (using password: YES))

Double quotes no backslash

MYSQL_ROOT_PASSWORD="before&after"

host = mysql
port = 3306
user = root
password = "beforepassword = "verySecurePasswordWith$%&SpecialChars"after"

mysql also doesn't connect

Double quotes and backslash

MYSQL_ROOT_PASSWORD="before\&after"

host = mysql
port = 3306
user = root
password = "before&after"

mysql also doesn't connect

Single quotes and backslash

MYSQL_ROOT_PASSWORD='before\&after'

host = mysql
port = 3306
user = root
password = beforepassword = "verySecurePasswordWith$%&SpecialChars"after

mysql also doesn't connect

Single quotes no backslash

MYSQL_ROOT_PASSWORD='before&after'

and I'm not able to log in to look at /etc/mysqldump-secure.cnf, because this causes some serious problems with devilbox. trying to access the intranet gives this message

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /index.php.

Reason: DNS lookup failure for: php

So it looks to me as if there is inconsistent or faulty escaping of the value of MYSQL_ROOT_PASSWORD in the .env file.

Do you agree?

[cytopia]

This is a very valid point and I have already identified the problem. It is caused by sed as & is treated special for sed commands: https://github.com/devilbox/docker-php-fpm/blob/master/Dockerfiles/work/data/docker-entrypoint.d/400-mysqldump-secure.sh#L58

[science695]

Does that mean it should be double or triple backslashed? \& or \& or \\&

[cytopia]

It should be quoted by the sed command or an alternative method use to generate the config file. By adding a slach in .env I fear that the slash will then be part of the password itself and sed will always be one slach behind ;-)

So best is to fix the sed side and ensure everything is as typed to the user.

[cytopia]

@erythro to not keep you blocked at the moment, the current work-around is to not use a & in your password. Once the PR is ready and merged you can then use & again.

[cytopia]

Has been properly addressed in Release v1.0.1

https://github.com/cytopia/devilbox/releases/tag/v1.0.1

[SiRWaTT86]

I guess the error still persist in latest version. I changed mysql password (root) thru phpmyadmin interface... then updated .env MYSQL_ROOT_PASSWORD=****@#$ (same password as mysql root).
Stopped the containers then removed them, then started devilbox again (docker-compose up)...
Within few seconds php-fpm container stopped (with error 255). But when I remove the password in .env or change it to normal string or alphabets in .env file it works fine except that phpmyadmin gives error (of course password mismatch).
All the same devilbox is the best.