Cleaned up rpm display messages

2025-02-21 02:01:24 +00:00 · 2023-09-18 16:48:29 -04:00 · 2023-09-18 16:48:29 -04:00 · 074dd1e746
commit 074dd1e746
parent 097c3e3dd3
6 changed files with 97 additions and 48 deletions
--- a/package/scripts/aca/aca_bootRun.sh
+++ b/package/scripts/aca/aca_bootRun.sh
@ -73,7 +73,7 @@ fi

 set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters

-source $SCRIPT_DIR/../db/start_mysqld.sh
+source $SCRIPT_DIR/../db/mysql_util.sh

 if [ $ALG = "RSA" ]; then 
   CERT_PATH="/etc/hirs/certificates/HIRS/$RSA_PATH"
--- a/package/scripts/aca/aca_check_setup.sh
+++ b/package/scripts/aca/aca_check_setup.sh
@ -37,6 +37,7 @@ DB_SRV_CONF="/etc/my.cnf.d/mariadb-server.cnf"
 DB_CLIENT_CONF="/etc/my.cnf.d/client.cnf"
 ALL_CHECKS_PASSED=true
 ALL_CERTS_PASSED=true
+source $SCRIPT_DIR/../db/mysql_util.sh

 # Check for Admin privileges
 if [ "$EUID" -ne 0 ]; then
@ -65,6 +66,7 @@ while [[ $# -gt 0 ]]; do
  esac
 done

+echo "Checking HIRS ACA Setup on this device..."
 # Check if aca setup was performed
  # Check is RPM was installed via RPM package 
  rpm -q --quiet HIRS_AttestationCA
@ -78,15 +80,18 @@ done
    else
      echo "HIRS ACA was NOT installed via rpm package on this device" 
  fi
-   # Check install setup pki files
+
+# Check install setup pki files
  if [ ! -d $CERT_PATH ]; then
-      echo "  $CERT_PATH directory does not exist. Exiting..."
+      check_db_cleared
+      echo "  $CERT_PATH directory does not exist."
+      echo " Exiting..."
      echo "Please run aca_setup.sh and try again"
      exit 1;
  fi

 source /etc/hirs/aca/aca.properties;
-source $SCRIPT_DIR/../db/start_mysqld.sh
+

 check_pwds () {

@ -266,7 +271,7 @@ check_fips () {
   echo "   "$(sysctl -a | grep crypto.fips_enabled)
 }
 # Run Checks
-check_for_container
+check_for_container -p
 check_pwds
 check_pki
 check_mysql_setup
--- a/package/scripts/aca/aca_remove_setup.sh
+++ b/package/scripts/aca/aca_remove_setup.sh
@ -14,15 +14,16 @@ if [ "$EUID" -ne 0 ]; then
      echo "This script requires root.  ACA setup not removed. Please run as root."
      exit 1
 fi
-if [ ! -f /etc/hirs/aca/aca.properties ]; then
-      echo "aca.properties does not exist, aborting."
-      exit 1
-fi
+
+source $SCRIPT_DIR/../db/mysql_util.sh
+
+# Make sure myswl root password is available and set $DB_ADIM_PWD before continuing...
+check_mysql_root

 # remove the hrs-db and hirs_db user
-pushd $SCRIPT_DIR/../db/
-sh db_drop.sh
-popd
+pushd $SCRIPT_DIR/../db/  &>/dev/null
+sh db_drop.sh $DB_ADMIN_PWD
+popd  &>/dev/null

 # remove pki files and config files
 echo "Removing certificates and config files..."
--- a/package/scripts/db/db_create.sh
+++ b/package/scripts/db/db_create.sh
@ -34,7 +34,7 @@ touch $DB_SRV_CONF
 mkdir -p /etc/hirs/aca/
 mkdir -p /var/log/hirs/

-source $SCRIPT_DIR/start_mysqld.sh
+source $SCRIPT_DIR/mysql_util.sh
 source $ACA_PROP_FILE 

 check_mysql_root_pwd () {
@ -66,7 +66,7 @@ check_mysql_root_pwd () {
  # Make sure root password is correct
  $(mysql -u root -p$DB_ADMIN_PWD -e 'quit'  &> /dev/null);
  if [ $? -eq 0 ]; then
-     echo "root password verified"  | tee -a "$LOG_FILE"
+     echo "Mysql root password verified"  | tee -a "$LOG_FILE"
  else
     echo "MYSQL root password was not the default, not supplied,  or was incorrect"
     echo "      please set the HIRS_MYSQL_ROOT_PWD system variable and retry."
@ -147,7 +147,7 @@ create_hirs_db_with_tls () {

 # HIRS ACA Mysqld processing ...
 check_mariadb_install
-check_for_container
+check_for_container -p
 set_mysql_server_tls
 set_mysql_client_tls
 start_mysqlsd
--- a/package/scripts/db/db_drop.sh
+++ b/package/scripts/db/db_drop.sh
@ -4,9 +4,10 @@ SRV_CNF=/etc/my.cnf.d/mariadb-server.cnf
 CLIENT_CNF=/etc/my.cnf.d/client.cnf
 SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )";)
 LOG_FILE=/dev/null
+DB_ADMIN_PWD=$1

-source /etc/hirs/aca/aca.properties;
-source $SCRIPT_DIR/start_mysqld.sh
+#source /etc/hirs/aca/aca.properties;
+source $SCRIPT_DIR/mysql_util.sh

 # Check for sudo or root user, not actually needed but a good idea 
 if [ "$EUID" -ne 0 ]
@ -14,12 +15,6 @@ if [ "$EUID" -ne 0 ]
     exit 1
 fi

-if [ -z $mysql_admin_password ]; then
-  read -p "Enter mysql root password" DB_ADMIN_PWD
-  else 
-      DB_ADMIN_PWD=$mysql_admin_password
-fi
-
 if [ -d /opt/hirs/scripts/db ]; then
    MYSQL_DIR="/opt/hirs/scripts/db"
  else
@ -29,7 +24,7 @@ fi
 echo "dropping hirs_db database"

 if pgrep  mysqld >/dev/null 2>&1; then
-     mysql -u root --password=$DB_ADMIN_PWD  -e "FLUSH HOSTS; FLUSH LOGS; FLUSH STATUS; FLUSH PRIVILEGES; FLUSH USER_RESOURCES"
+     mysql -u root --password=$DB_ADMIN_PWD -e "FLUSH HOSTS; FLUSH LOGS; FLUSH STATUS; FLUSH PRIVILEGES; FLUSH USER_RESOURCES"
     mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
     mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
     echo "hirs_db database and hirs_db user removed"
@ -38,14 +33,10 @@ if pgrep  mysqld >/dev/null 2>&1; then
 fi

 # reset the mysql root if the password was left in the properties fiel
-if [ ! -z $mysql_admin_password ]; then
+if [ ! -z $DB_ADMIN_PWD ]; then
     echo "Resetting mysql root password to empty"
-     mysql -u root --password=$mysql_admin_password -e "SET PASSWORD FOR "root@localhost" = PASSWORD('');"
-     echo "Current list of databases:"
+     mysql -u root --password=$DB_ADMIN_PWD -e "SET PASSWORD FOR "root@localhost" = PASSWORD('');"
     mysql -u "root" -e "FLUSH LOGS;"
-     mysql -u "root" -e "SHOW DATABASES;"
-     echo "Current list of users:"
-     mysql -u root -e "Select user from mysql.user;"
   else
     echo "Note root password was NOT reset"
 fi
@ -62,5 +53,3 @@ mysql -u root -e "SHUTDOWN"
 sleep 2
 check_for_container
 start_mysqlsd
-
-mysql -u root -e "SHOW VARIABLES LIKE '%ssl%'"
--- a/package/scripts/db/start_mysqld.sh
+++ b/package/scripts/db/start_mysqld.sh
@ -7,15 +7,18 @@
 #####################################################################################
 SQL_SERVICE="mariadb"

+# Checks to see if running in a container
+# -p to print status
 check_for_container () {
+  PRINT_STATUS=$1
  # Check if we're in a Docker container
  if [[ $(cat /proc/1/sched | head -n 1) == *"bash"* ]]; then  
  #if [ -f /.dockerenv ]; then
    DOCKER_CONTAINER=true
-    echo "ACA is running in a container..." | tee -a "$LOG_FILE"
+    if [[ $PRINT_STATUS == "-p" ]]; then echo "ACA is running in a container..." | tee -a "$LOG_FILE"; fi
  else
    DOCKER_CONTAINER=false
-    echo "ACA is not running in a container..." | tee -a "$LOG_FILE"
+    if [[ $PRINT_STATUS == "-p" ]]; then  echo "ACA is not running in a container..." | tee -a "$LOG_FILE"; fi
  fi
  if [ -d /opt/hirs/scripts/db ]; then
    MYSQL_DIR="/opt/hirs/scripts/db"
@ -36,24 +39,24 @@ check_mariadb_install () {
 }
 # Starts mariadb during intial install 
 start_mysqlsd () {
+  PRINT_STATUS=$1
   # Check if mysql is already running, if not initialize
   if [[ $(pgrep -c -u mysql mysqld) -eq 0 ]]; then
   # Check if running in a container
      if [ $DOCKER_CONTAINER  = true ]; then
      # if in Docker container, avoid services that invoke the D-Bus
-      echo "ACA is running in a container..."
         # Check if mariadb is setup
         if [ ! -d "/var/lib/mysql/mysql/" ]; then
           echo "Installing mariadb"
-           /usr/bin/mysql_install_db > "$LOG_FILE"
-           chown -R mysql:mysql /var/lib/mysql/
+           /usr/bin/mysql_install_db & >> "$LOG_FILE"
+           chown -R mysql:mysql /var/lib/mysql/ & >> "$LOG_FILE"
         fi
-         echo "Starting mysql...."
-         chown -R mysql:mysql /var/log/mariadb
-         /usr/bin/mysqld_safe &
+          if [[ $PRINT_STATUS == "-p" ]]; then echo "Starting mysql..."; fi
+         chown -R mysql:mysql /var/log/mariadb >> "$LOG_FILE";
+         /usr/bin/mysqld_safe & >> "$LOG_FILE"; 
       else #not a container
-         systemctl enable $SQL_SERVICE 
-         systemctl start $SQL_SERVICE 
+         systemctl enable $SQL_SERVICE & >> "$LOG_FILE";
+         systemctl start $SQL_SERVICE & >> "$LOG_FILE";
       fi
     else # mysql process is running
     # check if mysql service is running 
@ -61,18 +64,18 @@ start_mysqlsd () {
     DB_STATUS=$(systemctl status mysql |grep 'running' | wc -l )
       if [ $DB_STATUS -eq 0 ]; then 
         echo "mariadb not running , attempting to restart"
-         systemctl start mariadb
+         systemctl start mariadb & >> "$LOG_FILE";
       fi
     fi
   fi   

  # Wait for mysql to start before continuing.
-  echo "Checking mysqld status..."| tee -a "$LOG_FILE"
+  if [[ $PRINT_STATUS == "-p" ]]; then  echo "Checking mysqld status..."| tee -a "$LOG_FILE"; fi
  while ! mysqladmin ping -h "$localhost" --silent; do
  sleep 1;
  done

-  echo "mysqld is running."| tee -a "$LOG_FILE"
+ if [[ $PRINT_STATUS == "-p" ]]; then  echo "mysqld is running."| tee -a "$LOG_FILE"; fi
 }

 # Basic check for marai db status, attempts restart if not running
@ -81,7 +84,7 @@ check_mysql () {
  if [ $DOCKER_CONTAINER  = true ]; then
       if [[ $(pgrep -c -u mysql mysqld) -eq 0 ]]; then
          echo "mariadb not running , attempting to restart"
-          /usr/bin/mysqld_safe &
+          /usr/bin/mysqld_safe & >> "$LOG_FILE"
       fi
  else  # not in a contianer
    DB_STATUS=$(systemctl status mysql |grep 'running' | wc -l )
@ -96,11 +99,62 @@ check_mysql () {
  while ! mysqladmin ping -h "$localhost" --silent; do
     sleep 1;
  done
-
  echo "   Mariadb is running."
-
 }

+# Check for mysql root password , abort if not available 
+check_mysql_root () {
+  if [ -z $HIRS_MYSQL_ROOT_PWD ]; then
+    if [ ! -f /etc/hirs/aca/aca.properties ]; then
+      echo "aca.properties does not exist."
+    else
+      source /etc/hirs/aca/aca.properties;
+      DB_ADMIN_PWD=$mysql_admin_password
+    fi
+  else  #HIRS_MYSQL_ROOT_PWD set
+  DB_ADMIN_PWD=$HIRS_MYSQL_ROOT_PWD
+fi
+
+# Allow user to enter password if not using env variabel or file
+if [ -z $DB_ADMIN_PWD ]; then
+  read -p "Enter mysql root password" DB_ADMIN_PWD
+  else 
+      DB_ADMIN_PWD=$mysql_admin_password
+fi
+
+# Make sure root password is correct
+$(mysql -u root -p$DB_ADMIN_PWD -e 'quit'  &> /dev/null);
+  if [ $? -eq 0 ]; then
+     echo "root password verified"  | tee -a "$LOG_FILE"
+  else
+     echo "MYSQL root password was not the default, not supplied,  or was incorrect"
+     echo "      please set the HIRS_MYSQL_ROOT_PWD system variable and retry."
+     echo "      ********** ACA Mysql setup aborted ********" ;
+     exit 1;
+  fi
+}
+
+check_db_cleared () {
+   $(mysql -u root -e 'quit'  &> /dev/null);
+   if [ $? -eq 0 ]; then
+     echo "  Empty root password verified"  | tee -a "$LOG_FILE"
+   else
+     echo "  Mysql Root password is not empty"
+   fi
+   HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
+   if [ $HIRS_DB_USER_EXISTS = 1 ]; then
+     echo "  hirs_db user exists"
+     else
+     echo "  hirs_db user does not exist"
+     
+   fi
+   HIRS_DB_EXISTS=`mysql -uroot -e "SHOW DATABASES" | grep hirs_db`
+   if [[ $HIRS_DB_EXISTS == "hirs_db" ]]; then 
+      echo "  hirs_db databse exists"
+    else 
+      echo "  hirs_db database does not exists"
+   fi
+}
 # restart maraidb
 mysqld_reboot () {
  # reboot mysql server