docker-library
diff --git a/‎.template.Debian/docker-entrypoint.sh
+102-90 b/‎.template.Debian/docker-entrypoint.sh
+102-90
@@ -4,7 +4,7 @@ shopt -s nullglob
 
 # logging functions
 mysql_log() {
-	local type=$1;shift
+	local type="$1"; shift
 	printf "$(date --rfc-3339=seconds) [${type}] [Entrypoint]: $@\n"
 }
 mysql_note() {
@@ -18,22 +18,6 @@ mysql_error() {
 	exit 1
 }
 
-# if command starts with an option, prepend mysqld
-if [ "${1:0:1}" = '-' ]; then
-	set -- mysqld "$@"
-fi
-
-# skip setup if they want an option that stops mysqld
-wantHelp=
-for arg; do
-	case "$arg" in
-		-'?'|--help|--print-defaults|-V|--version)
-			wantHelp=1
-			break
-			;;
-	esac
-done
-
 # usage: file_env VAR [DEFAULT]
 #    ie: file_env 'XYZ_DB_PASSWORD' 'example'
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
@@ -55,25 +39,28 @@ file_env() {
 	unset "$fileVar"
 }
 
-# usage: docker_process_init_files FILENAME MYSQLCOMMAND...
-#    ie: docker_process_init_files foo.sh mysql -uroot
-# (process a single initializer file, based on its extension. we define this
-# function here, so that initializer scripts (*.sh) can use the same logic,
-# potentially recursively, or override the logic used in subsequent calls)
+# usage: docker_process_init_files [file [file [...]]]
+#    ie: docker_process_init_files /always-initdb.d/*
+# process initializer files, based on file extensions
 docker_process_init_files() {
-	local f="$1"; shift
-
-	case "$f" in
-		*.sh)     mysql_note "$0: running $f"; . "$f" ;;
-		*.sql)    mysql_note "$0: running $f"; docker_process_sql "$(cat $f)"; echo ;;
-		*.sql.gz) mysql_note "$0: running $f"; docker_process_sql "$(gunzip -c $f)"; echo ;;
-		*)        mysql_warn "$0: ignoring $f" ;;
-	esac
+	# mysql here for backwards compatibility "${mysql[@]}"
+	mysql=( docker_process_sql )
+
 	echo
+	local f
+	for f; do
+		case "$f" in
+			*.sh)     mysql_note "$0: running $f"; . "$f" ;;
+			*.sql)    mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
+			*.sql.gz) mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
+			*)        mysql_warn "$0: ignoring $f" ;;
+		esac
+		echo
+	done
 }
 
 mysql_check_config() {
-	toRun=( "$@" --verbose --help )
+	local toRun=( "$@" --verbose --help ) errors
 	if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
 		mysql_error "mysqld failed while attempting to check config\n\tcommand was: ${toRun[*]}\n\t$errors"
 	fi
@@ -85,13 +72,13 @@ mysql_check_config() {
 mysql_get_config() {
 	local conf="$1"; shift
 	"$@" --verbose --help --log-bin-index="$(mktemp -u)" 2>/dev/null \
-		| awk '$1 == "'"$conf"'" && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+		| awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
 	# match "datadir      /some/path with/spaces in/it here" but not "--xyz=abc\n     datadir (xyz)"
 }
 
 # Do a temporary startup of the MySQL server, for init purposes
 docker_temp_server_start() {
-	result=0
+	local result=0
 	%%SERVERSTARTUP%%
 	if [ "$result" != "0" ];then
 		mysql_error "Unable to start server. Status code $result."
@@ -100,8 +87,9 @@ docker_temp_server_start() {
 	# For 5.7+ the server is ready for use as soon as startup command unblocks
 	if [ "${MYSQL_MAJOR}" = "5.5" ] || [ "${MYSQL_MAJOR}" = "5.6" ]; then
 		mysql_note "Waiting for server startup"
+		local i
 		for i in {30..0}; do
-			if docker_process_sql "SELECT 1" &> /dev/null; then
+			if docker_process_sql --database=mysql <<<'SELECT 1' &> /dev/null; then
 				break
 			fi
 			sleep 1
@@ -115,8 +103,8 @@ docker_temp_server_start() {
 # Stop the server. When using a local socket file mysqladmin will block until
 # the shutdown is complete.
 docker_temp_server_stop() {
-	result=0
-	mysqladmin --defaults-extra-file="${PASSFILE}" shutdown -uroot --socket="${SOCKET}" || result=$?
+	local result=0
+	mysqladmin --defaults-extra-file=<( echo "${PASSFILE}" ) shutdown -uroot --socket="${SOCKET}" || result=$?
 	if [ "$result" != "0" ]; then
 		mysql_error "Unable to shut down server. Status code $result."
 	fi
@@ -129,10 +117,23 @@ docker_verify_minimum_env() {
 	fi
 }
 
-# Creates and initializes the database directory
+# creates folders for the database
+# also ensures permission for user mysql of run as root
 docker_create_db_directories() {
+	local user; user="$(id -u)"
+
+	# TODO other directories that are used by default? like /var/lib/mysql-files
+	# see https://github.com/docker-library/mysql/issues/562
 	mkdir -p "$DATADIR"
 
+	if [ "$user" = "0" ]; then
+		# this will cause less disk access than `chown -R`
+		find "$DATADIR" \! -user mysql -exec chown mysql '{}' +
+	fi
+}
+
+# initializes the database directory
+docker_init_database_dir() {
 	mysql_note "Initializing database files"
 	%%DATABASEINIT%%
 	mysql_note "Database files initialized"
@@ -150,11 +151,7 @@ docker_setup_env() {
 	# Get config
 	DATADIR="$(mysql_get_config 'datadir' "$@")"
 	SOCKET="$(mysql_get_config 'socket' "$@")"
-	
-	# We create a file to store the root password in so we don''t use it on the command line
-	TMPDIR="$(mktemp -d)"
-	PASSFILE="$(mktemp ${TMPDIR}/XXXXXXXXXX)"
-	
+
 	# Initialize values that might be stored in a file
 	file_env 'MYSQL_ROOT_HOST' '%'
 	file_env 'MYSQL_DATABASE'
@@ -163,27 +160,25 @@ docker_setup_env() {
 	file_env 'MYSQL_ROOT_PASSWORD'
 }
 
-# Execute sql script
+# Execute sql script, passed via stdin
+# usage: docker_process_sql [mysql-cli-args]
+#    ie: docker_process_sql --database=mydb <<<'INSERT ...'
+#    ie: docker_process_sql --database=mydb <my-file.sql
 docker_process_sql() {
-	SQL=$1
-	DB=$2
-	if [ -z "$SQL" ]; then
-		mysql_error "Empty sql script provided"
+	# args sent in can override this db, since they will be later in the command
+	if [ -n "$MYSQL_DATABASE" ]; then
+		set -- --database="$MYSQL_DATABASE" "$@"
 	fi
-	echo "$SQL" | mysql --defaults-file="${PASSFILE}" --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$DB"
-}
 
-# Define the client command that's used in various places
-docker_init_client_command() {
-	mysql=( mysql --defaults-file="${PASSFILE}" --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" )
+	mysql --defaults-file=<( echo "${PASSFILE}" ) --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
 }
 
 # Initializes database with timezone info and root password, plus optional extra db/user
 docker_setup_db() {
 	# Load timezone info into database
 	if [ -z "$MYSQL_INITDB_SKIP_TZINFO" ]; then
 		# sed is for https://bugs.mysql.com/bug.php?id=20545
-		docker_process_sql "$(mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/')" mysql
+		mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | docker_process_sql --database=mysql
 	fi
 	# Generate random root password
 	if [ ! -z "$MYSQL_RANDOM_ROOT_PASSWORD" ]; then
@@ -202,102 +197,117 @@ docker_setup_db() {
 		EOSQL
 	fi
 
-	docker_process_sql "
+	docker_process_sql --database=mysql <<-EOSQL
 		-- What's done in this file shouldn't be replicated
 		--  or products like mysql-fabric won't work
 		SET @@SESSION.SQL_LOG_BIN=0;
 
 		%%PASSWORDSET%%
 		GRANT ALL ON *.* TO 'root'@'localhost' WITH GRANT OPTION ;
+		FLUSH PRIVILEGES ;
 		${rootCreate}
 		DROP DATABASE IF EXISTS test ;
-		FLUSH PRIVILEGES ;
-	"
+	EOSQL
 
-	# Write the password to the file the client uses
+	# Write the password to the "file" the client uses
+	# the client command will use process substitution to create a file on the fly
+	# ie: --defaults-file=<( echo "${PASSFILE}" )
 	if [ ! -z "$MYSQL_ROOT_PASSWORD" ]; then
-		cat >"${PASSFILE}" <<EOF
-[client]
-password="${MYSQL_ROOT_PASSWORD}"
-EOF
+		read -r -d '' PASSFILE <<-EOF || true
+			[client]
+			password="${MYSQL_ROOT_PASSWORD}"
+		EOF
 	fi
 
 	# Creates a custom database and user if specified
 	if [ "$MYSQL_DATABASE" ]; then
 		mysql_note "Creating database ${MYSQL_DATABASE}"
-		docker_process_sql "CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;"
-		mysql+=( "$MYSQL_DATABASE" )
+		docker_process_sql --database=mysql <<<"CREATE DATABASE IF NOT EXISTS \`$MYSQL_DATABASE\` ;"
 	fi
 
 	if [ "$MYSQL_USER" -a "$MYSQL_PASSWORD" ]; then
 		mysql_note "Creating user ${MYSQL_USER}"
-		docker_process_sql "CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;"
+		docker_process_sql --database=mysql <<<"CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD' ;"
 
 		if [ "$MYSQL_DATABASE" ]; then
 			mysql_note "Giving user ${MYSQL_USER} access to schema ${MYSQL_DATABASE}"
-			docker_process_sql "GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;"
+			docker_process_sql --database=mysql <<<"GRANT ALL ON \`$MYSQL_DATABASE\`.* TO '$MYSQL_USER'@'%' ;"
 		fi
 
-		docker_process_sql "FLUSH PRIVILEGES ;"
+		docker_process_sql --database=mysql <<<"FLUSH PRIVILEGES ;"
 	fi
 }
 
 # Mark root user as expired so the password must be changed before anything
 # else can be done (only supported for 5.6+)
 mysql_expire_root_user() {
-	if [ "${MYSQL_MAJOR}" = "5.5" ]; then
-		mysql_warn "MySQL 5.5 does not support PASSWORD EXPIRE (required for MYSQL_ONETIME_PASSWORD)"
-	else
-		docker_process_sql "ALTER USER 'root'@'%' PASSWORD EXPIRE;"
+	if [ ! -z "$MYSQL_ONETIME_PASSWORD" ]; then
+		if [ "${MYSQL_MAJOR}" = "5.5" ]; then
+			mysql_warn "MySQL 5.5 does not support PASSWORD EXPIRE (required for MYSQL_ONETIME_PASSWORD)"
+		else
+			docker_process_sql --database=mysql <<-EOSQL
+				ALTER USER 'root'@'%' PASSWORD EXPIRE;
+			EOSQL
+		fi
 	fi
 }
 
+# check arguments for an option that would cause mysqld to stop
+# return true if there is one
+_want_help() {
+	local arg
+	for arg; do
+		case "$arg" in
+			-'?'|--help|--print-defaults|-V|--version)
+				return 0
+				;;
+		esac
+	done
+	return 1
+}
+
 _main() {
-	mysql_note "Entrypoint script for MySQL Server ${MYSQL_VERSION} started."
+	# if command starts with an option, prepend mysqld
+	if [ "${1:0:1}" = '-' ]; then
+		set -- mysqld "$@"
+	fi
+
+	# skip setup if they aren't running mysqld or want an option that stops mysqld
+	if [ "$1" = 'mysqld' ] && ! _want_help "$@"; then
+		mysql_note "Entrypoint script for MySQL Server ${MYSQL_VERSION} started."
 
-	if [ "$1" = 'mysqld' -a -z "$wantHelp" ]; then
 		# Load various environment variables
 		docker_setup_env "$@"
+		mysql_check_config "$@"
 
 		# If container is started as root user, restart as dedicated mysql user
-		if [ "$(id -u)" = '0' ]; then
-			mysql_check_config "$@"
-			mkdir -p "$DATADIR"
-			chown -R mysql:mysql "$DATADIR"
+		if [ "$(id -u)" = "0" ]; then
+			docker_create_db_directories
 			mysql_note "Switching to dedicated user 'mysql'"
 			exec gosu mysql "$BASH_SOURCE" "$@"
 		fi
 
-		# still need to check config, container may have started with --user
-		mysql_check_config "$@"
+		# just in case the script was not started as root
+		docker_create_db_directories
 
 		# If this is true then there's no database, and it needs to be initialized
 		if [ ! -d "$DATADIR/mysql" ]; then
 			docker_verify_minimum_env
-			docker_create_db_directories "$@"
-			docker_init_client_command
+			docker_init_database_dir "$@"
 
 			mysql_note "Starting temporary server"
 			docker_temp_server_start "$@"
 			mysql_note "Temporary server started."
 
-
 			docker_setup_db
+			docker_process_init_files /docker-entrypoint-initdb.d/*
 
-			echo
-			for f in /docker-entrypoint-initdb.d/*; do
-				docker_process_init_files "$f"
-			done
+			mysql_expire_root_user
 
-			if [ ! -z "$MYSQL_ONETIME_PASSWORD" ]; then
-				mysql_expire_root_user
-			fi
 			mysql_note "Stopping temporary server"
 			docker_temp_server_stop
 			mysql_note "Temporary server stopped"
 
-			# Remove the password file now that initialization is complete
-			rm -f "${PASSFILE}"
 			unset PASSFILE
 			echo
 			mysql_note "MySQL init process done. Ready for start up."
@@ -306,8 +316,10 @@ _main() {
 	fi
 	exec "$@"
 }
+
 # This checks if the script has been sourced from elsewhere.
 # If so we don't perform any further actions
+# https://unix.stackexchange.com/a/215279
 if [ "${FUNCNAME[${#FUNCNAME[@]} - 1]}" != 'source' ]; then
 	_main "$@"
 fi