Avoid passing mysqldump passwords on the command line

diff --git a/cookbooks/blog/templates/default/backup.cron.erb b/cookbooks/blog/templates/default/backup.cron.erb
index d6fc5a79063ffa14d96a4660fe4c424b2c7e9def..9e791abd9f681e0ca63db4d859de0974534e8279 100644 (file)
--- a/cookbooks/blog/templates/default/backup.cron.erb
+++ b/cookbooks/blog/templates/default/backup.cron.erb
@@ -7,7 +7,10 @@ D=$(date +%Y-%m-%d)
 B=osm-blog-$D.tar.gz
 
 mkdir $T/osm-blog-$D
-mysqldump --user=osm-blog-user --password=<%= @passwords["osm-blog-user"] %> --opt osm-blog > $T/osm-blog-$D/osm-blog.sql
+echo '[mysqldump]' > $T/mysqldump.opts
+echo 'user=osm-blog-user' >> $T/mysqldump.opts
+echo 'password=<%= @passwords["osm-blog-user"] %>' >> $T/mysqldump.opts
+mysqldump --defaults-file=$T/mysqldump.opts --opt osm-blog > $T/osm-blog-$D/osm-blog.sql
 ln -s /srv/blog.openstreetmap.org $T/osm-blog-$D/www
 
 export GZIP="--rsyncable -9"

diff --git a/cookbooks/civicrm/templates/default/backup.cron.erb b/cookbooks/civicrm/templates/default/backup.cron.erb
index 202469c877b98db35659cd8a9ff93bdf4967f671..8ee0c5257b3033c9c6a7a487b44940e783c89078 100644 (file)
--- a/cookbooks/civicrm/templates/default/backup.cron.erb
+++ b/cookbooks/civicrm/templates/default/backup.cron.erb
@@ -7,7 +7,10 @@ D=$(date +%Y-%m-%d)
 B=osmf-crm-$D.tar.gz
 
 mkdir $T/osmf-crm-$D
-mysqldump --user=civicrm --password=<%= @passwords["database"] %> --opt --skip-lock-tables civicrm > $T/osmf-crm-$D/civicrm.sql
+echo '[mysqldump]' > $T/mysqldump.opts
+echo 'user=civicrm' >> $T/mysqldump.opts
+echo 'password=<%= @passwords["database"] %>' >> $T/mysqldump.opts
+mysqldump --defaults-file=$T/mysqldump.opts --opt --skip-lock-tables civicrm > $T/osmf-crm-$D/civicrm.sql
 ln -s /srv/join.osmfoundation.org $T/osmf-crm-$D/www
 
 export GZIP="--rsyncable -9"

diff --git a/cookbooks/donate/templates/default/backup.cron.erb b/cookbooks/donate/templates/default/backup.cron.erb
index 139c1a3fe240779fb84f128e7f49ee1d5e38cfea..7ff3ee08aa6413d7e453eb45f63c3c7e0a0fd6ee 100644 (file)
--- a/cookbooks/donate/templates/default/backup.cron.erb
+++ b/cookbooks/donate/templates/default/backup.cron.erb
@@ -7,7 +7,10 @@ D=$(date +%Y-%m-%d)
 B=osm-donate-$D.tar.gz
 
 mkdir $T/osm-donate-$D
-mysqldump --user=donate --password="<%= @passwords['database'] %>" --opt donate > $T/osm-donate-$D/osm-donate.sql
+echo '[mysqldump]' > $T/mysqldump.opts
+echo 'user=donate' >> $T/mysqldump.opts
+echo 'password=<%= @passwords["database"] %>' >> $T/mysqldump.opts
+mysqldump --defaults-file=$T/mysqldump.opts --opt donate > $T/osm-donate-$D/osm-donate.sql
 ln -s /srv/donate.openstreetmap.org $T/osm-donate-$D/www
 
 export GZIP="--rsyncable -9"

diff --git a/cookbooks/mediawiki/templates/default/mediawiki-backup.cron.erb b/cookbooks/mediawiki/templates/default/mediawiki-backup.cron.erb
index 5ef01bcef0fe0471bad5c10a3eba1709dd75f1e3..37c3b02f6e4fcbc7ef50b8d56a109f985ace3073 100755 (executable)
--- a/cookbooks/mediawiki/templates/default/mediawiki-backup.cron.erb
+++ b/cookbooks/mediawiki/templates/default/mediawiki-backup.cron.erb
@@ -4,7 +4,10 @@ D=`date +%Y-%m-%d`
 B=wiki-<%= @name %>-$D.tar.gz
 
 mkdir $T/wiki-<%= @name %>-$D
-mysqldump --user="<%= @database_params[:username] %>" --password="<%= @database_params[:password] %>" --opt --skip-lock-tables --single-transaction "<%= @database_params[:name] %>" | lz4 -9 > $T/wiki-<%= @name %>-$D/wiki.sql.lz4
+echo '[mysqldump]' > $T/mysqldump.opts
+echo 'user=<%= @database_params[:username] %>' >> $T/mysqldump.opts
+echo 'password=<%= @database_params[:password] %>' >> $T/mysqldump.opts
+mysqldump --defaults-file=$T/mysqldump.opts -opt --skip-lock-tables --single-transaction "<%= @database_params[:name] %>" | lz4 -9 > $T/wiki-<%= @name %>-$D/wiki.sql.lz4
 ln -s <%= @directory %>  $T/wiki-<%= @name %>-$D/www
 export GZIP="--rsyncable -9" #make backup rsyncable
 nice tar --create --gzip --dereference --directory=$T --exclude=wiki-<%= @name %>-$D/www/w/images/thumb --exclude=wiki-<%= @name %>-$D/www/w/.git --exclude=wiki-<%= @name %>-$D/www/w/extensions/*/.git --file=$T/$B wiki-<%= @name %>-$D

diff --git a/cookbooks/stateofthemap/templates/default/backup.cron.erb b/cookbooks/stateofthemap/templates/default/backup.cron.erb
index a8e1da21c5d1daa8a494496854b6f04f9bf69c05..3f2fe977653886c24d33022c5782a84bee77fe02 100644 (file)
--- a/cookbooks/stateofthemap/templates/default/backup.cron.erb
+++ b/cookbooks/stateofthemap/templates/default/backup.cron.erb
@@ -9,7 +9,10 @@ B=sotm-$D.tar.gz
 mkdir $T/sotm-$D
 
 <% %w(2007 2008 2009 2010 2011 2012 2016).each do |year| -%>
-mysqldump --user=sotm<%= year %> --password=<%= @passwords["sotm#{year}"] %> --opt sotm<%= year %> > $T/sotm-$D/sotm<%= year %>.sql
+echo '[mysqldump]' > $T/mysqldump.opts
+echo 'user=sotm<%= year %>' >> $T/mysqldump.opts
+echo 'password=<%= @passwords["sotm#{year}"] %>' >> $T/mysqldump.opts
+mysqldump --defaults-file=$T/mysqldump.opts --opt sotm<%= year %> > $T/sotm-$D/sotm<%= year %>.sql
 <% end -%>
 
 ln -s /srv/2007.stateofthemap.org $T/sotm-$D/www2007

diff --git a/cookbooks/switch2osm/templates/default/backup.cron.erb b/cookbooks/switch2osm/templates/default/backup.cron.erb
index 4a472e5aa584695be678f708cd7de1c882e061d2..5f913f3d535720e9b63fd46b085a1416134f2b8f 100644 (file)
--- a/cookbooks/switch2osm/templates/default/backup.cron.erb
+++ b/cookbooks/switch2osm/templates/default/backup.cron.erb
@@ -7,7 +7,10 @@ D=$(date +%Y-%m-%d)
 B=switch2osm-$D.tar.gz
 
 mkdir $T/switch2osm-$D
-mysqldump --user=switch2osm-user --password=<%= @passwords["switch2osm-user"] %> --opt switch2osm-blog > $T/switch2osm-$D/switch2osm-blog.sql
+echo '[mysqldump]' > $T/mysqldump.opts
+echo 'user=switch2osm-user' >> $T/mysqldump.opts
+echo 'password=<%= @passwords["switch2osm-user"] %>' >> $T/mysqldump.opts
+mysqldump --defaults-file=$T/mysqldump.opts --opt switch2osm-blog > $T/switch2osm-$D/switch2osm-blog.sql
 ln -s /srv/switch2osm.org $T/switch2osm-$D/www
 
 export GZIP="--rsyncable -9"