[Python-modules-team] Bug#848287: [debian-mysql] Fwd: osmalchemy is marked for autoremoval from testing

Dominik George nik at naturalnet.de
Thu Jan 12 22:13:47 UTC 2017 

Hi,

> If I understand the issue here, this is nothing to do with MariaDB being or
> not being a drop-in for MySQL. The problem seems to be this patch in the
> Debian packaging:
> 
>   https://github.com/ottok/mariadb-10.1/blob/master/debian/patches/mdev-8375-passwordless-root-via-socket-auth.patch
> 
> The idea is to make the default install of package mariadb-server-10.1 use
> socket authentication for the root user, which seems fine. But the patch
> seems completely wrong. Rather than adding needed functionality to enable
> postinst to setup socket auth, instead it hardcodes this decision into
> mysql_install_db, which breaks other users.
> 
> So it has nothing to do with MySQL vs. MariaDB, such patch could just as
> well have been made against MySQL packaging, with same bad consequences. It
> is simply a bug / unintended consequence of an addition to debian/patches/,
> and simply needs to be fixed. Feel free to correct me if I'm wrong?
> 
> Suggestion for fixing: Add options --auth-root-socket and
> --auth-root-nopasswd to mysql_install_db. Echo a corresponding
> "SET @auth_root_socket=1" or "SET @auth_root_nopasswd=1" down the
> mysqld_install_cmd_line pipe. Then in mysql_system_tables_data.sql choose
> one or the other contents for the user table like this:
> 
>   REPLACE INTO tmp_user_nopasswd ...
>   INSERT INTO tmp_user_socket ...
>   INSERT INTO user SELECT * FROM tmp_user_nopasswd WHERE @had_user_table=0 and @auth_root_nopasswd=1;
>   INSERT INTO user SELECT * FROM tmp_user_socket WHERE @had_user_table=0 and @auth_root_socket=1;
> 
> This way, mariadb-server-10.1 postinst can use
> mysql_install_db --auth-root-socket. And ruby-mysql2 can use
> mysql_install_db --auth-root-nopasswd. And if --auth-root-nopasswd is made
> the default, then existing users can work fine without any changes.
> Sounds reasonable?

That's exactly what this is all about.

Thanks for putting it in other words and probably doing better at that
than me!

-nik

-- 
PGP-Fingerprint: 3C9D 54A4 7575 C026 FB17  FD26 B79A 3C16 A0C4 F296

Dominik George · Hundeshagenstr. 26 · 53225 Bonn
Mobile: +49-1520-1981389 · https://www.dominik-george.de/

Teckids e.V. · FrOSCon e.V.
Fellowship of the FSFE · Piratenpartei Deutschland
Opencaching Deutschland e.V. · Debian Maintainer

LPIC-3 Linux Enterprise Professional (Security)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 902 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/python-modules-team/attachments/20170112/395bf0af/attachment.sig>

More information about the Python-modules-team mailing list