Your message dated Sun, 23 Dec 2018 10:38:52 +0200
with message-id <cahj_tlcspakdsew6jqm_z17ip8t3xxaaut6rra-pe8g8oob...@mail.gmail.com>
and subject line Re: [debian-mysql] Bug#915130: Bug#915130: Further information
has caused the Debian Bug report #915130,
regarding mariadb-server-10.1: mariadb ignores debconf value root_password
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
915130: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915130
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mariadb-server-10.1
Version: 10.1.37-0+deb9u1
Severity: normal

Dear Maintainer,

it used to be possible to specify a root password pre-installation by
setting the debconf value root_password and root_password again like
this:

debconf-set-selections <<< "mysql-server mysql-server/root_password password secret"
debconf-set-selections <<< "mysql-server mysql-server/root_password_again password secret"

However, the password is not being set:
+-----------+------+----------+-------------+
| Host      | User | Password | plugin      |
+-----------+------+----------+-------------+
| localhost | root |          | unix_socket |
+-----------+------+----------+-------------+

I have purged all mariadb packages (including mysql database files) before 
trying this.

Using

debconf-set-selections <<< "maria-db-10.1 mysql-server/root_password password secret"
debconf-set-selections <<< "maria-db-10.1 mysql-server/root_password_again password secret"

does not work either (same results as above).

Instructions regarding the root_password debconf value are still present
in the package control/postinst file, however I have not found out yet
why this functionality is broken in this version.

-- System Information:
Debian Release: 9.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mariadb-server-10.1 depends on:
ii  adduser                   3.115
ii  debconf [debconf-2.0]     1.5.61
ii  galera-3                  25.3.19-2
ii  gawk                      1:4.1.4+dfsg-1
ii  init-system-helpers       1.48
ii  iproute2                  4.9.0-1+deb9u1
ii  libaio1                   0.3.110-3
ii  libc6                     2.24-11+deb9u3
ii  libdbi-perl               1.636-1+b1
ii  libpam0g                  1.1.8-3.6
ii  libstdc++6                6.3.0-18+deb9u1
ii  libsystemd0               232-25+deb9u6
ii  lsb-base                  9.20161125
ii  lsof                      4.89+dfsg-0.1
ii  mariadb-client-10.1       10.1.37-0+deb9u1
ii  mariadb-common            10.1.37-0+deb9u1
ii  mariadb-server-core-10.1  10.1.37-0+deb9u1
ii  passwd                    1:4.4-4.1
ii  perl                      5.24.1-3+deb9u5
ii  psmisc                    22.21-2.1+b2
ii  rsync                     3.1.2-1+deb9u1
ii  socat                     1.7.3.1-2+deb9u1
ii  zlib1g                    1:1.2.8.dfsg-5

Versions of packages mariadb-server-10.1 recommends:
ii  libhtml-template-perl  2.95-2

-- debconf information:
  mariadb-server-10.1/nis_warning:
  mariadb-server-10.1/old_data_directory_saved:
  mariadb-server-10.1/postrm_remove_databases: false

--- End Message ---
--- Begin Message ---
Tags: wontfix


Setting passwords via debconf is a hack and security risk. You should
try to avoid that. Thanks to changes in Debian for MariaDB 10.0 this
security issue is not a concern anymore thanks to the use of socket
authentication for the default root and system maintenance user.

See also:
  * https://www.slideshare.net/ottokekalainen/less-passwords-more-security-unix-socket-authentication-and-other-mariadb-hardening-tips
  * https://salsa.debian.org/mariadb-team/mariadb-10.0/blob/jessie/debian/mariadb-server-10.0.README.Debian
  * https://jira.mariadb.org/browse/MDEV-8375
  * https://jira.mariadb.org/browse/MDEV-6284

This same improvement was supposed to land in upstream in 10.1, but
was postponed many releases and it is unclear if it will be in 10.4.
See details in https://jira.mariadb.org/browse/MDEV-11340

--- End Message ---
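
An added example, not part of the bug thread or of the Debian package: a shell filter that reads a mysql.user listing in the table format shown in the report and flags accounts that have neither a password nor unix_socket authentication. The function names and every sample row except root@localhost are constructed for illustration.

```shell
#!/bin/sh
# Classify rows of a mysql.user listing by how each account authenticates.
# Expected input: the ASCII table printed by
#   mysql -t -e "SELECT Host, User, Password, plugin FROM mysql.user"
# (same columns as the table in the bug report, MariaDB 10.1 layout).

audit_mysql_users() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^\+/  { next }                  # border lines
        NF < 5 { next }                  # anything that is not a table row
        {
            host = trim($2); user = trim($3); pw = trim($4); plugin = trim($5)
            if (host == "Host" && user == "User") next    # header row
            if (plugin == "unix_socket")
                status = "socket-auth"   # identified by OS user on the local socket
            else if (pw == "")
                status = "NO-PASSWORD"   # no password and no socket plugin
            else
                status = "password-auth"
            printf "%s@%s %s\n", user, host, status
        }'
}

# Constructed sample: the first row is the one from the report, the
# other two are made up to exercise the remaining branches.
sample_table() {
    cat <<'EOF'
+-----------+------+-------------------+-------------+
| Host      | User | Password          | plugin      |
+-----------+------+-------------------+-------------+
| localhost | root |                   | unix_socket |
| localhost | app  | *CONSTRUCTED_HASH |             |
| %         | test |                   |             |
+-----------+------+-------------------+-------------+
EOF
}

sample_table | audit_mysql_users
```

An empty Password column is only a finding when the plugin column is not unix_socket, which is why the root row from the report is reported as socket-auth.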
