[debian-mysql] Bug#1023778: TMPDIR behaviour in maintainer scripts [was: Re: Bug#1023778: mysql-server-8.0: fails to restart on upgrade with libpam-tmpdir]

Sat Nov 12 22:09:41 GMT 2022

So what Fedora does is a prep script called at StartPre on their
systemd service.
https://src.fedoraproject.org/rpms/mariadb/blob/rawhide/f/mariadb-prepare-db-dir.sh

Which even recently was seen as bloated
(https://lists.launchpad.net/maria-discuss/msg06376.html).

What could be done is a oneshot
(https://www.redhat.com/sysadmin/systemd-oneshot-service) service
before MariaDB/MySQL that does the installation.
Either installation or startup triggered.

At least on TMPDIR side, the systemd side PrivateTmp is default
(https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp=)
for at least the oneshot service.
The option for loading files into MariaDB was the only reason this
wasn't set in the default MariaDB systemd file.

How User= systemd directives work with lbpam-tmpdir I'm not sure,
however without a setuid there shouldn't be an invalid TMPDIR env
variable there.

Also not perfect, but maybe viable.

On Sun, Nov 13, 2022 at 8:14 AM Otto Kekäläinen <otto at kekalainen.net> wrote:
>
> > > I think the answer to this should probably be established by the
> > > libpam-tmpdir maintainer and documented first, for fear of someone else
> > > later coming along and saying that the maintainer script incorrectly
> > > ignores TMPDIR because we started ignoring it to resolve this bug. So I
> > > copied debian-devel@ for comment.
> >
> > I'm not sure this is libpam-tmpdir specific, but rather a bit more
> > general: what are the expectations that maintainer scripts can have
> > about the environment they're running in, and how do we make those
> > expectations hold?  This should probably then be documented in policy.
>
> This MySQL 8.0 in Sid tmpdir issue is identical to MariaDB 10.6 in Sid
> tmpdir issue, as they are based on historically the same maintainer
> script.
>
> MariaDB duplicate of this has been filed as
> https://jira.mariadb.org/browse/MDEV-29910 and
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022994
>
> The suggested solution in
> https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests/23
> to set an empty TMPDIR does not seem to work - or at least CI shows
> that even a basic install fails after that.
>
> Instead of manually trying to manage TMPDIR env variable in various
> places, we should have a standardized way to run maintainer scripts in
> clean shell sessions that have all env variables set automatically
> correctly.
>
> More proposals on how to handle this are welcome at
> https://salsa.debian.org/mariadb-team/mariadb-server/-/merge_requests
> :)
>
> - Otto