From b85142cdd9623c78c904dbb99c258ebf2424c32c Mon Sep 17 00:00:00 2001
From: Brian Evans <grknight@gentoo.org>
Date: Wed, 20 Jul 2016 12:34:15 -0400
Subject: dev-db/mysql-init-scripts: Revbump for bug 587416

Package-Manager: portage-2.3.0
---
 dev-db/mysql-init-scripts/files/mysqld-v2.service  | 20 ++++++-
 .../mysql-init-scripts/files/mysqld_at-v2.service  | 21 ++++++-
 .../mysql-init-scripts-2.1-r1.ebuild               | 64 ++++++++++++++++++++++
 .../mysql-init-scripts-2.1.ebuild                  | 64 ----------------------
 4 files changed, 102 insertions(+), 67 deletions(-)
 create mode 100644 dev-db/mysql-init-scripts/mysql-init-scripts-2.1-r1.ebuild
 delete mode 100644 dev-db/mysql-init-scripts/mysql-init-scripts-2.1.ebuild

(limited to 'dev-db/mysql-init-scripts')

diff --git a/dev-db/mysql-init-scripts/files/mysqld-v2.service b/dev-db/mysql-init-scripts/files/mysqld-v2.service
index 12f773155a64..056b4137dabc 100644
--- a/dev-db/mysql-init-scripts/files/mysqld-v2.service
+++ b/dev-db/mysql-init-scripts/files/mysqld-v2.service
@@ -18,10 +18,28 @@ ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID
 TimeoutSec=300
 
 # We rely on systemd, not mysqld_safe, to restart mysqld if it dies
-Restart=always
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
 
 # Place temp files in a secure directory, not /tmp
 PrivateTmp=true
 
+# To allow memlock to be used as non-root user if set in configuration
+CapabilityBoundingSet=CAP_IPC_LOCK
+
+# Prevent writes to /usr, /boot, and /etc
+ProtectSystem=full
+
+NoNewPrivileges=true
+
+PrivateDevices=true
+
+# Prevent accessing /home, /root and /run/user
+ProtectHome=true
+
+UMask=007
+
 [Install]
 WantedBy=multi-user.target
diff --git a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
index 4c6a8caf46d7..770a2e8d4dde 100644
--- a/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
+++ b/dev-db/mysql-init-scripts/files/mysqld_at-v2.service
@@ -16,11 +16,28 @@ ExecStartPost=/usr/libexec/mysqld-wait-ready $MAINPID
 # Give a reasonable amount of time for the server to start up/shut down
 TimeoutSec=300
 
-# We rely on systemd, not mysqld_safe, to restart mysqld if it dies
-Restart=always
+# Restart crashed server only, on-failure would also restart, for example, when
+# my.cnf contains unknown option
+Restart=on-abort
+RestartSec=5s
 
 # Place temp files in a secure directory, not /tmp
 PrivateTmp=true
 
+# To allow memlock to be used as non-root user if set in configuration
+CapabilityBoundingSet=CAP_IPC_LOCK
+
+# Prevent writes to /usr, /boot, and /etc
+ProtectSystem=full
+
+NoNewPrivileges=true
+
+PrivateDevices=true
+
+# Prevent accessing /home, /root and /run/user
+ProtectHome=true
+
+UMask=007
+
 [Install]
 WantedBy=multi-user.target
diff --git a/dev-db/mysql-init-scripts/mysql-init-scripts-2.1-r1.ebuild b/dev-db/mysql-init-scripts/mysql-init-scripts-2.1-r1.ebuild
new file mode 100644
index 000000000000..dad018dc8dc6
--- /dev/null
+++ b/dev-db/mysql-init-scripts/mysql-init-scripts-2.1-r1.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit systemd s6
+
+DESCRIPTION="Gentoo MySQL init scripts."
+HOMEPAGE="https://www.gentoo.org/"
+SRC_URI=""
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+IUSE=""
+
+DEPEND=""
+# This _will_ break with MySQL 5.0, 4.x, 3.x
+# It also NEEDS openrc for the save_options/get_options builtins.
+# The s6 support was added after openrc 0.16.2
+RDEPEND="
+	!<dev-db/mysql-5.1
+	!<sys-apps/openrc-0.16.2
+	"
+# Need to set S due to PMS saying we need it existing, but no SRC_URI
+S=${WORKDIR}
+
+src_install() {
+	newconfd "${FILESDIR}/conf.d-2.0" "mysql"
+
+	# s6 init scripts
+	if use amd64 || use x86 ; then
+		newconfd "${FILESDIR}/conf.d-2.0" "mysql-s6"
+		newinitd "${FILESDIR}/init.d-s6" "mysql-s6"
+		s6_install_service mysql "${FILESDIR}/run-s6"
+		s6_install_service mysql/log "${FILESDIR}/log-s6"
+	fi
+
+	newinitd "${FILESDIR}/init.d-2.0" "mysql"
+
+	# systemd unit installation
+	exeinto /usr/libexec
+	doexe "${FILESDIR}"/mysqld-wait-ready
+	systemd_newunit "${FILESDIR}/mysqld-v2.service" "mysqld.service"
+	systemd_newunit "${FILESDIR}/mysqld_at-v2.service" "mysqld@.service"
+	systemd_dotmpfilesd "${FILESDIR}/mysql.conf"
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/logrotate.mysql" "mysql"
+}
+
+pkg_postinst() {
+	if use amd64 || use x86 ; then
+		einfo ""
+		elog "To use the mysql-s6 script, you need to install the optional sys-apps/s6 package."
+		elog "If you wish to use s6 logging support, comment out the log-error setting in your my.cnf"
+	fi
+
+	einfo ""
+	elog "Starting with version 10.1.8, MariaDB includes an improved systemd unit named mariadb.service"
+	elog "You should prefer that unit over this package's mysqld.service."
+	einfo ""
+}
diff --git a/dev-db/mysql-init-scripts/mysql-init-scripts-2.1.ebuild b/dev-db/mysql-init-scripts/mysql-init-scripts-2.1.ebuild
deleted file mode 100644
index dad018dc8dc6..000000000000
--- a/dev-db/mysql-init-scripts/mysql-init-scripts-2.1.ebuild
+++ /dev/null
@@ -1,64 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-inherit systemd s6
-
-DESCRIPTION="Gentoo MySQL init scripts."
-HOMEPAGE="https://www.gentoo.org/"
-SRC_URI=""
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
-IUSE=""
-
-DEPEND=""
-# This _will_ break with MySQL 5.0, 4.x, 3.x
-# It also NEEDS openrc for the save_options/get_options builtins.
-# The s6 support was added after openrc 0.16.2
-RDEPEND="
-	!<dev-db/mysql-5.1
-	!<sys-apps/openrc-0.16.2
-	"
-# Need to set S due to PMS saying we need it existing, but no SRC_URI
-S=${WORKDIR}
-
-src_install() {
-	newconfd "${FILESDIR}/conf.d-2.0" "mysql"
-
-	# s6 init scripts
-	if use amd64 || use x86 ; then
-		newconfd "${FILESDIR}/conf.d-2.0" "mysql-s6"
-		newinitd "${FILESDIR}/init.d-s6" "mysql-s6"
-		s6_install_service mysql "${FILESDIR}/run-s6"
-		s6_install_service mysql/log "${FILESDIR}/log-s6"
-	fi
-
-	newinitd "${FILESDIR}/init.d-2.0" "mysql"
-
-	# systemd unit installation
-	exeinto /usr/libexec
-	doexe "${FILESDIR}"/mysqld-wait-ready
-	systemd_newunit "${FILESDIR}/mysqld-v2.service" "mysqld.service"
-	systemd_newunit "${FILESDIR}/mysqld_at-v2.service" "mysqld@.service"
-	systemd_dotmpfilesd "${FILESDIR}/mysql.conf"
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/logrotate.mysql" "mysql"
-}
-
-pkg_postinst() {
-	if use amd64 || use x86 ; then
-		einfo ""
-		elog "To use the mysql-s6 script, you need to install the optional sys-apps/s6 package."
-		elog "If you wish to use s6 logging support, comment out the log-error setting in your my.cnf"
-	fi
-
-	einfo ""
-	elog "Starting with version 10.1.8, MariaDB includes an improved systemd unit named mariadb.service"
-	elog "You should prefer that unit over this package's mysqld.service."
-	einfo ""
-}
-- 
cgit v1.2.3