#!/bin/bash

set -e

. /usr/share/debconf/confmodule

if [ -n "$DEBIAN_SCRIPT_DEBUG" ]; then set -v -x; DEBIAN_SCRIPT_TRACE=1; fi
${DEBIAN_SCRIPT_TRACE:+ echo "#42#DEBUG# RUNNING $0 $*" 1>&2 }

export PATH=$PATH:/sbin:/usr/sbin:/bin:/usr/bin

# This command can be used as pipe to syslog. With "-s" it also logs to stderr.
ERR_LOGGER="logger -p daemon.err -t mysqld_safe -i"

invoke() {
if [ -x /usr/sbin/invoke-rc.d ]; then
invoke-rc.d mysql $1
else
/etc/init.d/mysql $1
fi
}

MYSQL_BOOTSTRAP="/usr/sbin/mysqld --bootstrap --user=mysql --skip-grant-tables"

test_mysql_access() {
mysql --no-defaults -u root -h localhost </dev/null >/dev/null 2>&1
}

# call with $1 = "online" to connect to the server, otherwise it bootstraps
set_mysql_rootpw() {
# forget we ever saw the password. don't use reset to keep the seen status
db_set mysql-server/root_password ""
db_set mysql-server/root_password_again ""

tfile=`mktemp`
if [ ! -f "$tfile" ]; then
return 1
fi

# this avoids us having to call "test" or "[" on $rootpw
cat << EOF > $tfile
USE mysql;
UPDATE user SET password=PASSWORD("$rootpw") WHERE user='root';
FLUSH PRIVILEGES;
EOF
if grep -q 'PASSWORD("")' $tfile; then
retval=0
elif [ "$1" = "online" ]; then
mysql --no-defaults -u root -h localhost <$tfile >/dev/null
retval=$?
else
$MYSQL_BOOTSTRAP <$tfile
retval=$?
fi
rm -f $tfile
return $retval
}

# This is necessary because mysql_install_db removes the pid file in /var/run
# and because changed configuration options should take effect immediately.
# In case the server wasn't running at all it should be ok if the stop
# script fails. I can't tell at this point because of the cleaned /var/run.
set +e; invoke stop; set -e

case "$1" in
configure)
mysql_datadir=/usr/share/mysql
mysql_statedir=/var/lib/mysql
mysql_rundir=/var/run/mysqld
mysql_logdir=/var/log
mysql_cfgdir=/etc/mysql
mysql_newlogdir=/var/log/mysql
mysql_upgradedir=/var/lib/mysql-upgrade
mysql_filesdir=/var/lib/mysql-files

# first things first, if the following symlink exists, it is a preserved
# copy the old data dir from a mysql upgrade that would have otherwise
# been replaced by an empty mysql dir. this should restore it.
for dir in DATADIR LOGDIR; do
if [ "$dir" = "DATADIR" ]; then targetdir=$mysql_statedir; else targetdir=$mysql_newlogdir; fi
savelink="$mysql_upgradedir/$dir.link"
if [ -L "$savelink" ]; then
# If the targetdir was a symlink before we upgraded it is supposed
# to be either still be present or not existing anymore now.
if [ -L "$targetdir" ]; then
rm "$savelink"
elif [ ! -d "$targetdir" ]; then
mv "$savelink" "$targetdir"
else
# this should never even happen, but just in case...
mysql_tmp=`mktemp -d -t mysql-symlink-restore-XXXXXX`
echo "this is very strange! see $mysql_tmp/README..." >&2
mv "$targetdir" "$mysql_tmp"
cat << EOF > "$mysql_tmp/README"

if you're reading this, it's most likely because you had replaced /var/lib/mysql
with a symlink, then upgraded to a new version of mysql, and then dpkg
removed your symlink (see #182747 and others). the mysql packages noticed
that this happened, and as a workaround have restored it. however, because
/var/lib/mysql seems to have been re-created in the meantime, and because
we don't want to rm -rf something we don't know as much about, we're going
to leave this unexpected directory here. if your database looks normal,
and this is not a symlink to your database, you should be able to blow
this all away.

EOF
fi
fi
rmdir $mysql_upgradedir 2>/dev/null || true
done

# Ensure the existence and right permissions for the database and
# log files.
if [ ! -d "$mysql_statedir" -a ! -L "$mysql_statedir" ]; then mkdir "$mysql_statedir"; fi
if [ ! -d "$mysql_statedir/mysql" -a ! -L "$mysql_statedir/mysql" ]; then mkdir "$mysql_statedir/mysql"; fi
if [ ! -d "$mysql_newlogdir" -a ! -L "$mysql_newlogdir" ]; then mkdir "$mysql_newlogdir"; fi
if [ ! -d "$mysql_filesdir" -a ! -L "$mysql_filesdir" ]; then mkdir "$mysql_filesdir"; fi
# When creating an ext3 jounal on an already mounted filesystem like e.g.
# /var/lib/mysql, you get a .journal file that is not modifyable by chown.
# The mysql_datadir must not be writable by the mysql user under any
# circumstances as it contains scripts that are executed by root.
set +e
chown -R 0:0 $mysql_datadir
chown -R mysql $mysql_statedir
chmod 700 $mysql_statedir $mysql_statedir/mysql
if [ ! -d "$mysql_rundir" ]; then mkdir "$mysql_rundir"; fi
chown -R mysql $mysql_rundir
chown -R mysql:adm $mysql_newlogdir; chmod 2750 $mysql_newlogdir;
for i in log err; do
touch $mysql_logdir/mysql.$i
chown mysql:adm $mysql_logdir/mysql.$i
chmod 0640 $mysql_logdir/mysql.$i
done
chown -R mysql:mysql $mysql_filesdir
chmod 700 $mysql_filesdir
set -e

# This is important to avoid dataloss when there is a removed
# mysql-server version from Woody lying around which used the same
# data directory and then somewhen gets purged by the admin.
db_set mysql-server/postrm_remove_database false || true

# To avoid downgrades.
touch $mysql_statedir/debian-5.5.flag

# initiate databases. Output is not allowed by debconf :-(
# Debian: beware of the bashisms...
# Debian: can safely run on upgrades with existing databases
set +e
bash /usr/bin/mysql_install_db --user mysql --rpm 2>&1 | $ERR_LOGGER
if [ "$?" != "0" ]; then
echo "ATTENTION: An error has occured. More info is in the syslog!"
fi
set -e

## On every reconfiguration the maintenance user is recreated.
#
# - It is easier to regenerate the password every time but as people
# use fancy rsync scripts and file alteration monitors, the existing
# password is used and existing files not touched.
# - The mysqld statement is like that in mysql_install_db because the
# server is not already running. This has some implications:
# - The amount of newlines and semicolons in the query is important!
# - GRANT is not possible with --skip-grant-tables and "INSERT
# (user,host..) VALUES" is not --ansi compliant
# - The echo is just for readability. ash's buildin has no "-e" so use /bin/echo.
# - The Super_priv, Show_db_priv, Create_tmp_table_priv and Lock_tables_priv
# may not be present as old Woody 3.23 databases did not have it and the
# admin might not already have run mysql_upgrade which adds them.
# As the binlog cron scripts to need at least the Super_priv, I do first
# the old query which always succeeds and then the new which may or may not.

# recreate the credentials file if not present or without mysql_upgrade stanza
dc=$mysql_cfgdir/debian.cnf;
if [ -e "$dc" -a -n "`fgrep mysql_upgrade $dc 2>/dev/null`" ]; then
pass="`sed -n 's/^[ ]*password *= *// p' $dc | head -n 1`"
else
pass=`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..16)'`;
if [ ! -d "$mysql_cfgdir" ]; then install -o 0 -g 0 -m 0755 -d $mysql_cfgdir; fi
umask 066
cat /dev/null > $dc
umask 022
echo "# Automatically generated for Debian scripts. DO NOT TOUCH!" >>$dc
echo "[client]" >>$dc
echo "host = localhost" >>$dc
echo "user = debian-sys-maint" >>$dc
echo "password = $pass" >>$dc
echo "socket = $mysql_rundir/mysqld.sock" >>$dc
echo "[mysql_upgrade]" >>$dc
echo "host = localhost" >>$dc
echo "user = debian-sys-maint" >>$dc
echo "password = $pass" >>$dc
echo "socket = $mysql_rundir/mysqld.sock" >>$dc
echo "basedir = /usr" >>$dc
fi
# If this dir chmod go+w then the admin did it. But this file should not.
chown 0:0 $dc
chmod 0600 $dc

# update privilege tables
password_column_fix_query=`echo -e \
"USE mysql\n" \
"ALTER TABLE user CHANGE Password Password char(41) character set latin1 collate latin1_bin DEFAULT '' NOT NULL"`;
replace_query=`echo -e \
"USE mysql\n" \
"REPLACE INTO user SET " \
" host='localhost', user='debian-sys-maint', password=password('$pass'), " \
" Select_priv='Y', Insert_priv='Y', Update_priv='Y', Delete_priv='Y', " \
" Create_priv='Y', Drop_priv='Y', Reload_priv='Y', Shutdown_priv='Y', " \
" Process_priv='Y', File_priv='Y', Grant_priv='Y', References_priv='Y', " \
" Index_priv='Y', Alter_priv='Y', Super_priv='Y', Show_db_priv='Y', "\
" Create_tmp_table_priv='Y', Lock_tables_priv='Y', Execute_priv='Y', "\
" Repl_slave_priv='Y', Repl_client_priv='Y', Create_view_priv='Y', "\
" Show_view_priv='Y', Create_routine_priv='Y', Alter_routine_priv='Y', "\
" Create_user_priv='Y', Event_priv='Y', Trigger_priv='Y', Create_tablespace_priv='Y' "`;
fix_privs=`echo -e \
"USE mysql;\n" \
"ALTER TABLE user ADD column Create_view_priv enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N'; " \
"ALTER TABLE user ADD column Show_view_priv enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N'; " \
"ALTER TABLE user ADD column Create_routine_priv enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N'; " \
"ALTER TABLE user ADD column Alter_routine_priv enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N'; " \
"ALTER TABLE user ADD column Create_user_priv enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N'; " \
"ALTER TABLE user ADD column Event_priv enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N'; " \
"ALTER TABLE user ADD column Trigger_priv enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N'; " \
"ALTER TABLE user ADD column Create_tablespace_priv enum('N','Y') CHARACTER SET utf8 NOT NULL DEFAULT 'N'; " `
# Engines supported by etch should be installed per default. The query sequence is supposed
# to be aborted if the CREATE TABLE fails due to an already existent table in which case the
# admin might already have chosen to remove one or more plugins. Newlines are necessary.
install_plugins=`echo -e \
"USE mysql;\n" \
"CREATE TABLE plugin (name char(64) COLLATE utf8_bin NOT NULL DEFAULT '', " \
" dl char(128) COLLATE utf8_bin NOT NULL DEFAULT '', " \
" PRIMARY KEY (name)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='MySQL plugins';\n" \
"INSERT INTO plugin VALUES ('innodb', 'ha_innodb.so');\n" \
"INSERT INTO plugin VALUES ('federated', 'ha_federated.so');\n" \
"INSERT INTO plugin VALUES ('blackhole', 'ha_blackhole.so');\n" \
"INSERT INTO plugin VALUES ('archive', 'ha_archive.so');" `

# Upgrade password column format before the root password gets set.
echo "$password_column_fix_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER

db_get mysql-server/root_password && rootpw="$RET"
if ! set_mysql_rootpw; then
password_error="yes"
fi

echo "$fix_privs" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
echo "$replace_query" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
set +e
echo "$install_plugins" | $MYSQL_BOOTSTRAP 2>&1 | $ERR_LOGGER
set -e
;;

abort-upgrade|abort-remove|abort-configure)
;;

*)
echo "postinst called with unknown argument '$1'" 1>&2
exit 1
;;
esac

# here we check to see if we can connect as root without a password
# this should catch upgrades from previous versions where the root
# password wasn't set. if there is a password, or if the connection
# fails for any other reason, nothing happens.
if [ "$1" = "configure" ]; then
if test_mysql_access; then
db_input medium mysql-server/root_password || true
db_go
db_get mysql-server/root_password && rootpw="$RET"

if ! set_mysql_rootpw "online"; then
password_error="yes"
fi
fi

if [ "$password_error" = "yes" ]; then
db_input high mysql-server/error_setting_password || true
db_go
fi

fi

db_stop # in case invoke failes

# Automatically added by dh_installinit
if [ -x "/etc/init.d/mysql" ] || [ -e "/etc/init/mysql.conf" ]; then
if [ ! -e "/etc/init/mysql.conf" ]; then
update-rc.d mysql defaults 19 21 >/dev/null
fi
invoke-rc.d mysql start || exit $?
fi
# End automatically added section
# Automatically added by dh_installinit
update-rc.d -f mysql remove >/dev/null || exit $?
# End automatically added section
# Automatically added by dh_apparmor
if [ "$1" = "configure" ]; then
APP_PROFILE="/etc/apparmor.d/usr.sbin.mysqld"
if [ -f "$APP_PROFILE" ]; then
# Add the local/ include
LOCAL_APP_PROFILE="/etc/apparmor.d/local/usr.sbin.mysqld"

test -e "$LOCAL_APP_PROFILE" || {
tmp=`mktemp`
cat <<EOM > "$tmp"
# Site-specific additions and overrides for usr.sbin.mysqld.
# For more details, please see /etc/apparmor.d/local/README.
EOM
mkdir `dirname "$LOCAL_APP_PROFILE"` 2>/dev/null || true
mv -f "$tmp" "$LOCAL_APP_PROFILE"
chmod 644 "$LOCAL_APP_PROFILE"
}

# Reload the profile, including any abstraction updates
if aa-status --enabled 2>/dev/null; then
apparmor_parser -r -T -W "$APP_PROFILE" || true
fi
fi
fi
# End automatically added section


exit 0