diff options
Diffstat (limited to 'kubernetes/portal/components/portal-mariadb')
| -rw-r--r-- | kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh | 42 |
1 files changed, 24 insertions, 18 deletions
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh index c4a21b927f..f5dcbff6bf 100644 --- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh +++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh @@ -1,4 +1,5 @@ #!/bin/bash + set -eo pipefail shopt -s nullglob @@ -30,10 +31,15 @@ file_env() { mysql_error "Both $var and $fileVar are set (but are exclusive)" fi local val="$def" + # val="${!var}" + # val="$(< "${!fileVar}")" + # eval replacement of the bashism equivalents above presents no security issue here + # since var and fileVar variables contents are derived from the file_env() function arguments. + # This method is only called inside this script with a limited number of possible values. if [ "${!var:-}" ]; then - val="${!var}" + eval val=\$$var elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" + val="$(< "$(eval echo "\$$fileVar")")" fi export "$var"="$val" unset "$fileVar" @@ -81,7 +87,7 @@ docker_process_init_files() { mysql_check_config() { local toRun=( "$@" --verbose --help --log-bin-index="$(mktemp -u)" ) errors if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then - mysql_error $'mysqld failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors" + mysql_error "$(printf 'mysqld failed while attempting to check config\n\tcommand was: ')${toRun[*]}$(printf'\n\t')$errors" fi } @@ -100,14 +106,14 @@ docker_temp_server_start() { "$@" --skip-networking --socket="${SOCKET}" & mysql_note "Waiting for server startup" local i - for i in {30..0}; do + for i in $(seq 30 -1 0); do # only use the root password if the database has already been initializaed # so that it won't try to fill in a password file when it hasn't been set yet - extraArgs=() + extraArgs="" if [ -z "$DATABASE_ALREADY_EXISTS" ]; then - extraArgs+=( '--dont-use-mysql-root-password' ) + extraArgs=${extraArgs}" --dont-use-mysql-root-password" fi - if echo 'SELECT 1' |docker_process_sql "${extraArgs[@]}" --database=mysql >/dev/null 2>&1; then + if echo 'SELECT 1' |docker_process_sql ${extraArgs} --database=mysql >/dev/null 2>&1; then break fi sleep 1 @@ -128,7 +134,7 @@ docker_temp_server_stop() { # Verify that the minimally required password settings are set for new databases. docker_verify_minimum_env() { if [ -z "$MYSQL_ROOT_PASSWORD" -a -z "$MYSQL_ALLOW_EMPTY_PASSWORD" -a -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then - mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD' + mysql_error "$(printf'Database is uninitialized and password option is not specified\n\tYou need to specify one of MYSQL_ROOT_PASSWORD, MYSQL_ALLOW_EMPTY_PASSWORD and MYSQL_RANDOM_ROOT_PASSWORD')" fi } @@ -150,15 +156,15 @@ docker_create_db_directories() { # initializes the database directory docker_init_database_dir() { mysql_note "Initializing database files" - installArgs=( --datadir="$DATADIR" --rpm ) + installArgs=" --datadir=$DATADIR --rpm " if { mysql_install_db --help || :; } | grep -q -- '--auth-root-authentication-method'; then # beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password # see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3 # (this flag doesn't exist in 10.0 and below) - installArgs+=( --auth-root-authentication-method=normal ) + installArgs=${installArgs}" --auth-root-authentication-method=normal" fi # "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here) - mysql_install_db "${installArgs[@]}" "${@:2}" + mysql_install_db ${installArgs} "$(echo ${@} | sed 's/^ *[^ ]* *//')" mysql_note "Database files initialized" } @@ -189,9 +195,9 @@ docker_setup_env() { # ie: docker_process_sql --database=mydb <<<'INSERT ...' # ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql docker_process_sql() { - passfileArgs=() + passfileArgs="" if [ '--dont-use-mysql-root-password' = "$1" ]; then - passfileArgs+=( "$1" ) + passfileArgs=${passfileArgs}" $1" shift fi # args sent in can override this db, since they will be later in the command @@ -199,7 +205,7 @@ docker_process_sql() { set -- --database="$MYSQL_DATABASE" "$@" fi - mysql --defaults-extra-file=<( _mysql_passfile "${passfileArgs[@]}") --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@" + mysql --defaults-extra-file=<( _mysql_passfile ${passfileArgs}) --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@" } # Initializes database with timezone info and root password, plus optional extra db/user @@ -272,10 +278,10 @@ docker_setup_db() { if [ -n "$MYSQL_DATABASE" ]; then mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}" - echo "GRANT ALL ON \`${MYSQL_DATABASE//_/\\_}\`.* TO '$MYSQL_USER'@'%' ;" |docker_process_sql --database=mysql + echo "GRANT ALL ON \`$(echo $MYSQL_DATABASE | sed 's@_@\\_@g')\`.* TO '$MYSQL_USER'@'%' ;" | docker_process_sql --database=mysql fi - echo "FLUSH PRIVILEGES ;" |docker_process_sql --database=mysql + echo "FLUSH PRIVILEGES ;" | docker_process_sql --database=mysql fi } @@ -307,7 +313,7 @@ _mysql_want_help() { _main() { # if command starts with an option, prepend mysqld - if [ "${1:0:1}" = '-' ]; then + if echo "$1" | grep '^-' >/dev/null; then set -- mysqld "$@" fi @@ -323,7 +329,7 @@ _main() { # If container is started as root user, restart as dedicated mysql user if [ "$(id -u)" = "0" ]; then mysql_note "Switching to dedicated user 'mysql'" - exec gosu mysql "$BASH_SOURCE" "$@" + exec gosu mysql "$0" "$@" fi # there's no database, so it needs to be initialized |