aboutsummaryrefslogtreecommitdiffstats
path: root/kubernetes/portal/components
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/portal/components')
-rw-r--r--kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh18
1 files changed, 12 insertions, 6 deletions
diff --git a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
index c4a21b927f..65b9636891 100644
--- a/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
+++ b/kubernetes/portal/components/portal-mariadb/resources/config/mariadb/docker-entrypoint.sh
@@ -1,4 +1,5 @@
#!/bin/bash
+
set -eo pipefail
shopt -s nullglob
@@ -30,10 +31,15 @@ file_env() {
mysql_error "Both $var and $fileVar are set (but are exclusive)"
fi
local val="$def"
+ # val="${!var}"
+ # val="$(< "${!fileVar}")"
+ # eval replacement of the bashism equivalents above presents no security issue here
+ # since var and fileVar variables contents are derived from the file_env() function arguments.
+ # This method is only called inside this script with a limited number of possible values.
if [ "${!var:-}" ]; then
- val="${!var}"
+ eval val=\$$var
elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
+ val="$(< "$(eval echo "\$$fileVar")")"
fi
export "$var"="$val"
unset "$fileVar"
@@ -105,7 +111,7 @@ docker_temp_server_start() {
# so that it won't try to fill in a password file when it hasn't been set yet
extraArgs=()
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- extraArgs+=( '--dont-use-mysql-root-password' )
+ extraArgs=${extraArgs}( '--dont-use-mysql-root-password' )
fi
if echo 'SELECT 1' |docker_process_sql "${extraArgs[@]}" --database=mysql >/dev/null 2>&1; then
break
@@ -155,7 +161,7 @@ docker_init_database_dir() {
# beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
# see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
# (this flag doesn't exist in 10.0 and below)
- installArgs+=( --auth-root-authentication-method=normal )
+ installArgs=${installArgs}( --auth-root-authentication-method=normal )
fi
# "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
mysql_install_db "${installArgs[@]}" "${@:2}"
@@ -191,7 +197,7 @@ docker_setup_env() {
docker_process_sql() {
passfileArgs=()
if [ '--dont-use-mysql-root-password' = "$1" ]; then
- passfileArgs+=( "$1" )
+ passfileArgs=${passfileArgs}( "$1" )
shift
fi
# args sent in can override this db, since they will be later in the command
@@ -323,7 +329,7 @@ _main() {
# If container is started as root user, restart as dedicated mysql user
if [ "$(id -u)" = "0" ]; then
mysql_note "Switching to dedicated user 'mysql'"
- exec gosu mysql "$BASH_SOURCE" "$@"
+ exec gosu mysql "$0" "$@"
fi
# there's no database, so it needs to be initialized