Bug 206612 - databases/mysql57-server should remind the user of the autogenerated, random root password
Summary: databases/mysql57-server should remind the user of the autogenerated, random ...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Mahdi Mokhtari
URL:
Keywords:
Depends on: 205956
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-25 15:07 UTC by Trond.Endrestol
Modified: 2016-09-09 13:16 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (mmokhi)
riggs: merge-quarterly+


Attachments
Show autogenerated password WHEN it is created. (1.28 KB, patch)
2016-09-05 11:01 UTC, Melvyn Sopacua
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Trond.Endrestol 2016-01-25 15:07:40 UTC
databases/mysql57-server should remind the user of the autogenerated, random root password stored in ~/.mysql_secret, which is generated upon bootstrapping MySQL 5.7. pkg-message is a good candidate.
Comment 1 Mahdi Mokhtari freebsd_committer freebsd_triage 2016-01-25 15:42:57 UTC
(In reply to Trond.Endrestol from comment #0)
Hi thanks for your feedback :)
I've solve this by a patch, just waiting to be committed :D
Comment 2 Thomas Zander freebsd_committer 2016-02-03 23:23:11 UTC
Fixed in r408005 via patch provided in bug 205956.

MFH into 2016Q1 requested in r408005.
Comment 3 commit-hook freebsd_committer 2016-02-04 06:17:06 UTC
A commit references this bug:

Author: riggs
Date: Thu Feb  4 06:16:30 UTC 2016
New revision: 408012
URL: https://svnweb.freebsd.org/changeset/ports/408012

Log:
  MFH: r408005

  - Fix plist
    - binary_log_types.h is now installed only by client, not server
    - lib/mysql/plugin/ha_example.so is only installed if
      EXAMPLES OPTION is turned off
  - Bump PORTREVISION
  - Allow slave port to override PORTREVISION if necessary
  - Deactivate performance_schema feature to conserve memory
  - Add notes to pkg-message:
    - root password
    - performance_schema feature is deactivated by default to reduce
      memory footprint
  - Allow port to build while boost-libs-1.55 is installed

  PR:		205956 206065 206612 206879
  Submitted by:	smh
  Reviewed by:	mokhi64@gmail.com (maintainer)
  Approved by:	ports-secteam (feld), mokhi64@gmail.com (maintainer)

Changes:
_U  branches/2016Q1/
  branches/2016Q1/databases/mysql57-client/Makefile
  branches/2016Q1/databases/mysql57-client/files/patch-include_CMakeLists.txt
  branches/2016Q1/databases/mysql57-client/pkg-plist
  branches/2016Q1/databases/mysql57-server/Makefile
  branches/2016Q1/databases/mysql57-server/files/mysql-server.in
  branches/2016Q1/databases/mysql57-server/files/patch-include_CMakeLists.txt
  branches/2016Q1/databases/mysql57-server/pkg-message
  branches/2016Q1/databases/mysql57-server/pkg-plist
Comment 4 Melvyn Sopacua 2016-09-05 11:01:44 UTC
Created attachment 174385 [details]
Show autogenerated password WHEN it is created.

I don't consider the pkg-message fix a good solution. Firstly, it assumes the installer is the same as the user starting MySQL or communicating (not the default case in a hosting/user relationship). Secondly, I completely missed this, as pkg(8) groups all package messages, and this one had scrolled out of my terminal history when installing a fresh jail with a large set of tools. And thirdly, all package messages are always shown by pkg(8) creating message blindness (this is out of the scope of this bug but should be considered when breaking a long standing practice).

The fix in the patch shows the password when the command is run and also does not use the deprecated mysql_install_db command anymore. Since this output is very limited and it's much more likely the attention of the user is at the screen at that time, this has less chances of failing.
Comment 5 Melvyn Sopacua 2016-09-09 13:16:38 UTC
And last but not least:
$USER may have privileges to run `sudo service mysql-server start`, but not `sudo cat /root/.mysql_secret` making the file useless.

Can this report be re-opened or shall I create a new one?