nixos/mysql: support package=mysql57 #49735

Merged
merged 1 commit into from Nov 19, 2018


pvgoran
Contributor

@pvgoran pvgoran commented Nov 4, 2018

Resolves #49732.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Fits CONTRIBUTING.md.

@pvgoran
Contributor Author

pvgoran commented Nov 4, 2018

There is a problem with this solution: it won't work for MySQL versions that are older than the current pkgs.mysql57, because of the way the package versions are compared. I'll need to improve this.

@pvgoran
Contributor Author

pvgoran commented Nov 5, 2018

The problem mentioned above is now corrected. I don't like specifying "5.7" as the explicit version; I'd rather extract the partial version from pkgs.mysql57.version, but the complexity isn't worth it.

@lheckemann
Member

Passing --insecure seems scary, a comment explaining it would not be amiss ;)

@pvgoran
Contributor Author

pvgoran commented Nov 14, 2018

@lheckemann ok

@pvgoran
Contributor Author

pvgoran commented Nov 18, 2018

@lheckemann I added an explanation about --insecure.

@lheckemann
Member

Thanks! Does this mean that any local user will be able to log in as the root db user without a password then?

@pvgoran
Contributor Author

pvgoran commented Nov 19, 2018

> Thanks! Does this mean that any local user will be able to log in as the root db user without a password then?

Yes. This is how the default configuration (with mariadb) works.

@lheckemann
Member

lheckemann commented Nov 19, 2018

Hmm well upstream's change seems like a sensible one then. Maybe we should do some stateVersion-based logic here so that we default to a secure config on nixos in future too.

cc @thoughtpolice mariadb maintainer

@pvgoran
Contributor Author

pvgoran commented Nov 19, 2018

> Hmm well upstream's change seems like a sensible one then.

To me, it looks like an over-cautious default option whose primary purpose is to make the admin pay attention by giving him a deployment that is not instantly usable. The admin is then forced to either set the password explicitly, or explicitly request an empty password.

Real-world installations will have a better mechanism for setting up the password. For example, Gentoo interactively asks for a password; Ubuntu uses socket-based authentication; MySQL's official APT package also interactively asks for a password, and switches to socket-based authentication if no password is provided.

(On a separate note, what should we consider "upstream" - Oracle's MySQL or MariaDB?..)

> Maybe we should do some stateVersion-based logic here so that we default to a secure config on nixos in future too.

I would be quite upset if this logic would just call mysql_install_db without options and allow it to create a randomized password. I rely on passwordless mysql login in my deployment scripts; how am I supposed to operate mysql if the password is randomized?

On the other hand, it makes sense to make use of socket-based authentication, which is a convenient mechanism for granting automatic and secure access to the system's root user. The mysql_install_db program from both pkgs.mariadb and pkgs.mysql57 seems to support socket-based authentication. mysql_install_db from pkgs.mysql55 doesn't seem to support it, but it's not a big deal: the module will have to differentiate between pkgs.mariadb, pkgs.mysql55 and pkgs.mysql57 anyway.

In any case, this may become a topic for another PR; for this one, initializing with an empty password is the most logical thing to do.
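
An added example, not part of this PR or of nixpkgs: SQL an administrator could run on a MySQL 5.7 instance that was initialized with an empty root password, to list the accounts that accept a password-less login and to switch `root@localhost` to the socket-based authentication discussed in the comment above. It assumes the `auth_socket` plugin library is shipped with the server build; the MariaDB variant is given in the trailing comment.

```sql
-- Added example (not from the PR). Target: MySQL 5.7, run as the DB root user.

-- 1. Audit: unlocked accounts whose stored credential is empty and that are
--    not bound to OS-level (socket peer credential) authentication.
--    After an empty-password initialization, root@localhost is listed here,
--    which is what lets any local OS user connect as the DB root user.
SELECT user, host, plugin
FROM mysql.user
WHERE COALESCE(authentication_string, '') = ''
  AND plugin <> 'auth_socket'
  AND account_locked = 'N';

-- 2. Load the socket authentication plugin.
--    Assumption: auth_socket.so is present in the server's plugin_dir.
--    This statement fails if the plugin is already installed; skip it then.
INSTALL PLUGIN auth_socket SONAME 'auth_socket.so';

-- 3. Bind the DB account root@localhost to the OS account of the same name.
--    Connections over the Unix socket are accepted only when the peer's
--    OS user name is "root"; no password is stored or checked.
ALTER USER 'root'@'localhost' IDENTIFIED WITH auth_socket;

-- 4. Verify: the plugin column for root@localhost should now read auth_socket,
--    and re-running the audit query from step 1 should no longer list it.
SELECT user, host, plugin
FROM mysql.user
WHERE user = 'root';

-- MariaDB equivalent of steps 2 and 3 (the plugin is named unix_socket there):
--   INSTALL SONAME 'auth_socket';
--   ALTER USER 'root'@'localhost' IDENTIFIED VIA unix_socket;
```

After step 3, scripts that run as the OS root user can still connect over the local socket without a password, while other local users are refused for the `root` DB account.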

@lheckemann
Member

I was thinking less along the lines of randomized password and more along the lines of an initialHashedPassword option. But yes, socket-based auth is also good. And yes, I suppose we can merge this, since it restores the old behaviour, in the meantime.

@lheckemann lheckemann merged commit 388d369 into NixOS:master Nov 19, 2018
@fpletz
Member

fpletz commented Dec 17, 2018

This also fixes #25418. Will backport to 18.09.
