From 81ae87575f54c4c4574e54badf4c354697008e92 Mon Sep 17 00:00:00 2001
From: Patrick Carlo-Hickman
Date: Fri, 2 Feb 2024 17:02:55 -0500
Subject: [PATCH] Update mysql install to allow setting the default authentication plugin.
---
 setup/.env.example | 3 +++
 setup/installers/install-mysql.sh | 20 +++++++++++++++++++-
 todo.txt | 7 -------
 3 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/setup/.env.example b/setup/.env.example
index bf26198..f116f12 100755
--- a/setup/.env.example
+++ b/setup/.env.example
@@ -30,6 +30,9 @@ MYSQL_VERSION="8.0"
 MYSQL_ROOT_PASSWORD=
 MYSQL_USER_NAME=
 MYSQL_USER_PASSWORD=
+# Optional - if specified, set the default_authentication_plugin server variable
+# Can be one of (for 8.0): mysql_native_password, sha256_password, caching_sha2_password (default)
+# MYSQL_AUTH_PLUGIN="mysql_native_password"
 # install-ngrok.sh
 NGROK_DIRECTORY="/opt/ngrok"
diff --git a/setup/installers/install-mysql.sh b/setup/installers/install-mysql.sh
index 31a1285..2fd88f4 100755
--- a/setup/installers/install-mysql.sh
+++ b/setup/installers/install-mysql.sh
@@ -7,6 +7,7 @@ ensure_not_installed "MySQL"
 ensure_variable_set "WSL_USER"
 readonly WSL_USER
+readonly MYSQL_AUTH_PLUGIN
 readonly MYSQL_VERSION="${MYSQL_VERSION:-8.0}"
 readonly MYSQL_PACKAGE="mysql-server-${MYSQL_VERSION}"
 readonly MYSQL_ROOT_PASSWORD="${MYSQL_ROOT_PASSWORD:-root}"
@@ -31,6 +32,16 @@ log_info "Setting up mysql user home directory."
 # Set the home directory for the mysql user to prevent startup warnings.
 usermod -d /var/lib/mysql/ mysql
+# Set the default authentication plugin if specified.
+if [[ -n "${MYSQL_AUTH_PLUGIN}" ]]; then
+ log_info "Setting up mysql default authentication plugin."
+
+ cat << EOF > "/etc/mysql/mysql.conf.d/auth.cnf"
+[mysqld]
+default_authentication_plugin=${MYSQL_AUTH_PLUGIN}
+EOF
+fi
+
 log_info "Starting MySQL server."
 # Make sure it is started
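Review bot: `readonly MYSQL_AUTH_PLUGIN` in the `@@ -7,6 +7,7 @@` hunk is the only declaration in this group without a `${VAR:-default}` expansion, so when the variable is absent from `.env` it is marked read-only while still unset. If the script or a sourced helper enables `set -u` (not visible in this hunk), the later `[[ -n "${MYSQL_AUTH_PLUGIN}" ]]` tests would abort with an unbound-variable error. Writing `readonly MYSQL_AUTH_PLUGIN="${MYSQL_AUTH_PLUGIN:-}"` keeps the option optional and matches the neighbouring lines.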
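Review bot: `MYSQL_AUTH_PLUGIN` is written into `/etc/mysql/mysql.conf.d/auth.cnf` through an unquoted heredoc in the `@@ -31,6 +32,16 @@` hunk without being checked, and the same value is spliced into the `CREATE USER` statement by the `@@ -57,6 +68,13 @@` and `@@ -65,7 +83,7 @@` hunks. A typo leaves mysqld with a setting it may refuse to start on, and a value containing a newline or quote would add extra configuration lines or SQL; an allowlist of the three names listed in `.env.example`, placed before this block, closes both. `default_authentication_plugin` is deprecated from MySQL 8.0.27 in favour of `authentication_policy` and is removed in 8.4, so because `MYSQL_VERSION` is configurable the block should carry a comment that it applies to 8.0 only. `mysql_native_password` is the SHA-1-based legacy scheme, so a short comment that it exists for older clients and that `caching_sha2_password` is the stronger default would help whoever edits `.env`.

```shell
# Accept only plugin names known to MySQL 8.0 before the value reaches auth.cnf or SQL.
# default_authentication_plugin is deprecated since 8.0.27 and removed in 8.4.
case "${MYSQL_AUTH_PLUGIN:-}" in
  ""|mysql_native_password|sha256_password|caching_sha2_password)
    ;;
  *)
    echo "Unsupported MYSQL_AUTH_PLUGIN value: ${MYSQL_AUTH_PLUGIN}" >&2
    exit 1
    ;;
esac

# … unchanged: if [[ -n "${MYSQL_AUTH_PLUGIN}" ]] block that writes auth.cnf …
```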
@@ -57,6 +68,13 @@ mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql mysql
 log_info "Securing MySQL install and initializing users."
+# Identify the user with the authentication plugin if specified.
+if [[ -n "${MYSQL_AUTH_PLUGIN}" ]]; then
+ readonly MYSQL_USER_IDENTIFY_WITH="WITH ${MYSQL_AUTH_PLUGIN}"
+else
+ readonly MYSQL_USER_IDENTIFY_WITH=""
+fi
+
 # Run initial queries to secure the install and to create the initial user
 mysql << EOF
 DELETE FROM mysql.user WHERE user = '';
@@ -65,7 +83,7 @@ DROP DATABASE IF EXISTS test;
 DELETE FROM mysql.db WHERE db = 'test' OR db = 'test\\_%';
 FLUSH PRIVILEGES;
-CREATE USER '${MYSQL_USER_NAME}'@'%' IDENTIFIED BY '${MYSQL_USER_PASSWORD}';
+CREATE USER '${MYSQL_USER_NAME}'@'%' IDENTIFIED ${MYSQL_USER_IDENTIFY_WITH} BY '${MYSQL_USER_PASSWORD}';
 FLUSH PRIVILEGES;
 EOF
diff --git a/todo.txt b/todo.txt
index d4ff6fa..3e8957f 100644
--- a/todo.txt
+++ b/todo.txt
@@ -84,12 +84,5 @@ port=3307
 [client]
 port=3307
-
-# use native passwords in mysql 8.0
-cat /etc/mysql/mysql.conf.d/auth.cnf
-[mysqld]
-default_authentication_plugin=mysql_native_password
-
-CREATE USER '${MYSQL_USER_NAME}'@'%' IDENTIFIED WITH mysql_native_password BY '${MYSQL_USER_PASSWORD}';
 =====================================
 =====================================
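Review bot: The rewritten `CREATE USER` line in the `@@ -65,7 +83,7 @@` hunk still places `${MYSQL_USER_NAME}` and `${MYSQL_USER_PASSWORD}` between single quotes inside an unquoted heredoc, so a password containing `'` or `\` breaks or changes the setup SQL. Rejecting or escaping those characters before the heredoc would turn that into an explicit error instead of a partially applied setup. The account is created for host `'%'`, so selecting `mysql_native_password` pairs the weaker hash with an account reachable from any host that can connect to the port. A comment such as `# '%' is required for <reason>; restrict the host if clients are local only` would document that choice. The heredoc opens in the previous hunk and the statement list continues outside this one.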