109802 - checksetup.pl fails to connect to mysql database - password not escaped in localconfig

Status: RESOLVED FIXED

(Bugzilla :: Installation & Upgrading, defect, P1)

Description

[Chris Herrmann]

I'm currently trying to install bugzilla 2.14. I've installed all the 
prerequisites, and all seems happy, until I go to run ./checksetup.pl ...

It seems that the checksetup scripts is ignoring the values in the config file, 
and is connecting as root@localhost to mysql, with no password (which fails, 
strangely enough).

When doing so, it says:

[root@gemini bugzilla-2.14]# ./checksetup.pl

Checking perl modules ...
Checking for             DBI (v1.13)   ok: found v1.20
Checking for    Data::Dumper (any)     ok: found v2.101
Checking for      DBD::mysql (v1.2209) ok: found v2.0416
Checking for     Date::Parse (any)     ok: found v2.20
Checking for       CGI::Carp (any)     ok: found v1.14

The following Perl modules are optional:
Checking for              GD (v1.19)   ok: found v1.33
Checking for     Chart::Base (v0.99)   ok: found v0.99
Checking for     XML::Parser (any)      not found

If you want to use the bug import/export feature to move bugs to or from
other bugzilla installations, you will need to install the XML::Parser module by
running (as root)

   perl -MCPAN -e'install "XML::Parser"'

Checking user setup ...
Use of uninitialized value in concatenation (.) at ./checksetup.pl line 802 (#1)

    (W uninitialized) An undefined value was used as if it were already 
defined.  It was
    interpreted as a "" or a 0, but maybe it was a mistake.  To suppress this
    warning assign a defined value to your variables.

DBI->connect(:host=:port=) failed: Access denied for user: 'root@localhost' 
(Using password: NO) a
t ./checksetup.pl line 803
Uncaught exception from user code:
        Can't connect to the table 'dbi:mysql::host=:port='.
Have you read the Bugzilla Guide in the doc directory?  Have you read the doc 
of 'mysql'?

------------------------------------

Now, not wishing to appear too stupid... I did read the mysql guide, and in 
fact had a previously functioning mysql server, strangely enough, with a root 
password set <g>. Sorry, I couldn't resist after the tongue in check 
instructions.

I've updated my localconfig file as follows:

$db_host = "localhost";         # where is the database?
$db_port = 3306;                # which port to use
$db_name = "bugs";              # name of the MySQL database
$db_user = "bugs";              # user to attach to the MySQL database

#
# Some people actually use passwords with their MySQL database ...
#
$db_pass = "my secret password";



#
# Should checksetup.pl try to check if your MySQL setup is correct?
# (with some combinations of MySQL/Msql-mysql/Perl/moonphase this doesn't work)
#
$db_check = 1;

----------------------------------------

If i log in manually using the above details, no problem - can create / drop 
etc etc in the bugs db.

If I look at the error message though, it doesn't appear to be picking up these 
values from localconfig, rather, is attempting to connect as root@localhost 
with no password.

I tried substituting line 803 for my own...
#my $dbh = DBI->connect($connectstring, $my_db_user, $my_db_pass)
my $dbh = DBI->connect($connectstring, 'bugs', 'my secret password')

which then appeared to get past this stage, but bombs out again around line 
1137:
[root@gemini bugzilla-2.14]# ./checksetup.pl
Checking user setup ...
Use of uninitialized value in concatenation (.) at ./checksetup.pl line 802 (#1)

    (W uninitialized) An undefined value was used as if it were already 
defined.  It was
    interpreted as a "" or a 0, but maybe it was a mistake.  To suppress this
    warning assign a defined value to your variables.

DBD::mysql::db tables failed: No Database Selected at ./checksetup.pl line 1137.
Creating table tokens ...
DBD::mysql::db do failed: No Database Selected at ./checksetup.pl line 1160.
Uncaught exception from user code:
        Could not create table 'tokens'. Please check your 'mysql' access.

---------------------------

I'm afraid that my perl hacking status kind of ends there...

Comment 1

[Dave Miller [:justdave]]

I'm unable to reproduce this with the current cvs code...  it works just fine
for me, and I'm using a database that's locked down and requires passwords for
everything.  I do seem to recall fixing this at some point...  but I could swear
it was in 2.12....  bug 44622 to be specific.

If anyone can reproduce this on current bugzilla code, please reopen.

Comment 2

[Dave Miller [:justdave]]

For future reference, the reporter mailed me his localconfig file privately...
the problem was that he had "$" and "@" characters in his database password,
which were not escaped in the variable declaration in localconfig.  Reopening,
since using special characters in a password is something people are pretty
likely to do, and not everyone editing that file is going to know Perl.

Suggested fix: the comment that is generated with the $db_pass variable should
indicate that special characters need to be escaped in the string.

Comment 3

[Dave Miller [:justdave]]

Attachment: Change quoting and comments in default $db_pass definition

I changed the quoting to use single-quotes, which requires nothing to be
escaped except the single quote character and the backslash character, and
added a comment indicating that you needed to escape ' and \

Comment 4

[David D. Kilzer (ddk)]

Comment on attachment 58555 [details] [diff] [review]
Change quoting and comments in default $db_pass definition

r=ddk  Looks good.  Need a second?

Comment 5

[Luis Villa]

Comment on attachment 58555 [details] [diff] [review]
Change quoting and comments in default $db_pass definition

r=louie; looks fine here.

Comment 6

[Myk Melez [:myk] [@mykmelez]]

Checking in checksetup.pl;
/cvsroot/mozilla/webtools/bugzilla/checksetup.pl,v  <--  checksetup.pl
new revision: 1.111; previous revision: 1.110
done