MDEV-15502 debian: systemd, with tmpfiles install not required

With PermissionsStartOnly deprecated, remove this from the
systemd service file.

Replace Debian's ExecStartPre "install -d" with a tmpfile
configuration directive creating the directory with this.

Debian's ExecStartPost of the mariadb upgrade uses the !
special executable prefix added in systemd v231 to use
root privs.

cmake/systemd.cmake

@@ -50,8 +50,7 @@ MACRO(CHECK_SYSTEMD)
           SET(SYSTEMD_SCRIPTS ${SYSTEMD_SCRIPTS} galera_new_cluster galera_recovery)
         ENDIF()
         IF(DEB)
-          SET(SYSTEMD_EXECSTARTPRE "ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var/run/mysqld")
-          SET(SYSTEMD_EXECSTARTPOST "ExecStartPost=/etc/mysql/debian-start")
+          SET(SYSTEMD_EXECSTARTPOST "ExecStartPost=!/etc/mysql/debian-start")
         ENDIF()
 	IF(URING_FOUND)
 	  SET(SYSTEMD_LIMIT "# For liburing and io_uring_setup()

debian/mariadb-server.install

@@ -16,6 +16,7 @@ lib/systemd/system/mariadb@.socket
 lib/systemd/system/mysql.service
 lib/systemd/system/mysqld.service
 support-files/rpm/enable_encryption.preset etc/mysql/mariadb.conf.d/99-enable-encryption.cnf.preset
+usr/lib/tmpfiles.d/mariadb.conf
 usr/bin/aria_chk
 usr/bin/aria_dump_log
 usr/bin/aria_ftdump

debian/not-installed

@@ -24,7 +24,6 @@ usr/bin/uca-dump
 usr/bin/wsrep_sst_backup
 usr/lib/mysql/plugin/type_test.so
 usr/lib/sysusers.d/mariadb.conf # Not used (yet) in Debian systemd
-usr/lib/tmpfiles.d/mariadb.conf # Not used (yet) in Debian systemd
 usr/sbin/rcmysql
 usr/share/doc/mariadb-server/COPYING (related file: "debian/tmp/usr/share/mysql/mroonga/COPYING")
 usr/share/doc/mariadb-server/CREDITS

support-files/CMakeLists.txt

@@ -210,11 +210,15 @@ IF(UNIX AND NOT WITHOUT_SERVER)
             RENAME mariadb.conf COMPONENT Server)
   ENDIF()
 
-  IF((HAVE_SYSTEMD OR INSTALL_SYSTEMD_TMPUSERS) AND INSTALL_SYSTEMD_TMPFILESDIR
-     AND INSTALL_RUNDATADIR)
+  IF((HAVE_SYSTEMD OR INSTALL_SYSTEMD_TMPUSERS) AND INSTALL_SYSTEMD_TMPFILESDIR)
     IF(MYSQL_DATADIR STREQUAL INSTALL_RUNDATADIR)
-      SET(DISABLE_TMP "#")
+      SET(DISABLE_RUNDATADIR "#")
     ENDIF()
+    get_filename_component(MYSQL_UNIX_ADDRDIR ${MYSQL_UNIX_ADDR} DIRECTORY)
+    IF(MYSQL_UNIX_ADDRDIR STREQUAL MYSQL_DATADIR OR MYSQL_UNIX_ADDRDIR STREQUAL INSTALL_RUNDATADIR)
+      SET(DISABLE_MYSQL_UNIX_ADDRDIR "#")
+    ENDIF()
+
     CONFIGURE_FILE(tmpfiles.conf.in
             ${CMAKE_CURRENT_BINARY_DIR}/tmpfiles.conf @ONLY)
     INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/tmpfiles.conf

support-files/mariadb.service.in

@@ -62,17 +62,12 @@ ProtectSystem=full
 # Prevent accessing /home, /root and /run/user
 ProtectHome=true
 
-# Execute pre and post scripts as root, otherwise it does it as User=
-PermissionsStartOnly=true
-
 # Use an environment file to pass variable _WSREP_NEW_CLUSTER
 EnvironmentFile=-@INSTALL_RUNDATADIR@/wsrep-new-cluster
 
 # Use an environment file to pass variable _WSREP_START_POSITION
 EnvironmentFile=-@INSTALL_RUNDATADIR@/wsrep-start-position
 
-@SYSTEMD_EXECSTARTPRE@
-
 # Perform automatic wsrep recovery. When server is started without wsrep,
 # galera_recovery simply returns an empty string. In any case, however,
 # the script is not expected to return with a non-zero status.
@@ -84,7 +79,7 @@ ExecStartPre=/bin/sh -c "[ ! -e @bindir@/galera_recovery ] && VAR= || \
  && echo _WSREP_START_POSITION=$VAR > @INSTALL_RUNDATADIR@/wsrep-start-position || exit 1"
 
 # Needed to create system tables etc.
-# ExecStartPre=@scriptdir@/mariadb-install-db -u mysql
+# ExecStartPre=@scriptdir@/mariadb-install-db
 
 # Start main service
 # MYSQLD_OPTS here is for users to set in /etc/systemd/system/mariadb.service.d/MY_SPECIAL.conf

support-files/tmpfiles.conf.in

@@ -12,4 +12,5 @@
 # etc.
 # It shouldn't be used for datadir which is why it
 # may be disabled.
-@DISABLE_TMP@d @INSTALL_RUNDATADIR@ 0755 @MYSQLD_USER@ @MYSQLD_USER@ -
+@DISABLE_RUNDATADIR@d @INSTALL_RUNDATADIR@ 0755 @MYSQLD_USER@ @MYSQLD_USER@ -
+@DISABLE_MYSQL_UNIX_ADDRDIR@d @MYSQL_UNIX_ADDRDIR@ 0755 @MYSQLD_USER@ root -