#!/bin/sh
#
# post-installation script for AIDE
# A whole lot of this is "borrowed" from tripwire's postinst
#

set -e

# We need debconf.
. /usr/share/debconf/confmodule

if [ -n "$AIDEDEBUG" ]; then
  printf "now debugging %s %s\n" "$0" "$@"
  set -x
fi

PKGNAME="aide"

# Flags to be passed to aideinit
aideinitflags="-b"

# Make sure we should be running...
case "$1" in
    configure)
        # continue below
        ;;
    abort-upgrade|abort-remove|abort-deconfigure)
        exit 0
        ;;
    *)
        printf >&2 "postinst called with unknown argument %s\n" "$1"
        exit 0
        ;;
esac

# handle ucf-conffiles

# ucf-helper-functions is part of ucf starting with bullseye
# we keep our own (identical) version for the time being to be
# backportable to buster.
. /usr/share/aide/ucf-helper-functions.sh
SRCDIR="/usr/share/$PKGNAME/config"
TRGDIR="/etc"

# added updating to 0.18-1
rm -rf /var/tmp/aide.cron.daily /var/tmp/aide.cron.daily.old.*

rm -f /var/lib/aide/aide.conf.autogenerated
if dpkg --compare-versions "$2" le "0.16-1"; then
    # we're updating from a version earlier than 0.16-1, rename DHCP conffiles
    rename_ucf_file /etc/aide/aide.conf.d/31_aide_dhcp3-client /etc/aide/aide.conf.d/31_aide_isc-dhcp-client 
    rename_ucf_file /etc/aide/aide.conf.d/31_aide_dhcp3-server /etc/aide/aide.conf.d/31_aide_isc-dhcp-server 
fi
handle_all_ucf_files $SRCDIR $TRGDIR

# in aide 0.17.2-1, the smokeping snippet has been made static
# instead of being a executable snippet. Remove x bits on an unchanged
# file
if [ "$(sha256sum /etc/aide/aide.conf.d/31_aide_smokeping)" = "99f11d04cf33318cef28cb71c252ee0f7b5c37e91893e813973ee120f301a5a7  /etc/aide/aide.conf.d/31_aide_smokeping" ]; then
    chmod 0644 /etc/aide/aide.conf.d/31_aide_smokeping
fi
if [ "$(sha256sum /etc/aide/aide.conf.d/31_aide_sudo)" = "9081189536ce23888827e6cd1f94884033fc5acb689bdf4083001e1ecd7a7e5a  /etc/aide/aide.conf.d/31_aide_sudo" ]; then
    chmod 0644 /etc/aide/aide.conf.d/31_aide_sudo
fi

db_get aide/aideinit
if [ "$RET" = "true" ]; then
	if [ -f "/var/lib/aide/aide.db.new" ]; then
		db_get aideinit/overwritenew
		if [ "$RET" = "true" ]; then
			aideinitflags="$aideinitflags -y"
		fi
	fi
	db_get aideinit/copynew
	if [ "$RET" = "true" ]; then
		aideinitflags="$aideinitflags -f"
	fi
	# borrowed this trick from man-db
	# just making sure it actually ends up in the background...
	start-stop-daemon --start --background --pidfile /dev/null \
	--startas /usr/sbin/aideinit -- $aideinitflags
	db_set aide/aideinit false
fi

# Automatically added by dh_installsysusers/13.11.6
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
   systemd-sysusers ${DPKG_ROOT:+--root="$DPKG_ROOT"} aide-common.conf
fi
# End automatically added section
# Automatically added by dh_installtmpfiles/13.11.6
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	if [ -x "$(command -v systemd-tmpfiles)" ]; then
		systemd-tmpfiles ${DPKG_ROOT:+--root="$DPKG_ROOT"} --create aide-common.conf || true
	fi
fi
# End automatically added section
# Automatically added by dh_installdeb/13.11.6
dpkg-maintscript-helper mv_conffile /etc/cron.daily/aide /etc/cron.daily/dailyaidecheck 0.18.6-2\~ -- "$@"
# End automatically added section
# Automatically added by dh_installsystemd/13.11.6
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	# The following line should be removed in trixie or trixie+1
	deb-systemd-helper unmask 'dailyaidecheck.timer' >/dev/null || true

	# was-enabled defaults to true, so new installations run enable.
	if deb-systemd-helper --quiet was-enabled 'dailyaidecheck.timer'; then
		# Enables the unit on first installation, creates new
		# symlinks on upgrades if the unit file has changed.
		deb-systemd-helper enable 'dailyaidecheck.timer' >/dev/null || true
	else
		# Update the statefile to add new symlinks (if any), which need to be
		# cleaned up on purge. Also remove old symlinks.
		deb-systemd-helper update-state 'dailyaidecheck.timer' >/dev/null || true
	fi
fi
# End automatically added section
# Automatically added by dh_installsystemd/13.11.6
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	if [ -d /run/systemd/system ]; then
		systemctl --system daemon-reload >/dev/null || true
		if [ -n "$2" ]; then
			_dh_action=restart
		else
			_dh_action=start
		fi
		deb-systemd-invoke $_dh_action 'dailyaidecheck.service' 'dailyaidecheck.timer' >/dev/null || true
	fi
fi
# End automatically added section
# Automatically added by dh_installsystemd/13.11.6
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	# The following line should be removed in trixie or trixie+1
	deb-systemd-helper unmask 'dailyaidecheck.timer' >/dev/null || true

	# was-enabled defaults to true, so new installations run enable.
	if deb-systemd-helper --quiet was-enabled 'dailyaidecheck.timer'; then
		# Enables the unit on first installation, creates new
		# symlinks on upgrades if the unit file has changed.
		deb-systemd-helper enable 'dailyaidecheck.timer' >/dev/null || true
	else
		# Update the statefile to add new symlinks (if any), which need to be
		# cleaned up on purge. Also remove old symlinks.
		deb-systemd-helper update-state 'dailyaidecheck.timer' >/dev/null || true
	fi
fi
# End automatically added section
# Automatically added by dh_installsystemd/13.11.6
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	if [ -d /run/systemd/system ]; then
		systemctl --system daemon-reload >/dev/null || true
		if [ -n "$2" ]; then
			_dh_action=restart
		else
			_dh_action=start
		fi
		deb-systemd-invoke $_dh_action 'dailyaidecheck.service' 'dailyaidecheck.timer' >/dev/null || true
	fi
fi
# End automatically added section


# this needs to be after debhelper, otherwise the account doesn't
# yet exist.
if dpkg --compare-versions "$2" lt 0.17.5-1; then
    # we're updating from a version earlier than 0.17.5, chown logs
    # and databases
    chown --quiet _aide:adm /var/log/aide /var/log/aide/aide.log /var/log/aide/aide.log.* || true
    chmod --quiet 2755 /var/log/aide || true
    chown --quiet _aide:root /var/lib/aide/aide.db /var/lib/aide/aide.db.new || true
fi
if dpkg --compare-versions "$2" le 0.18.3-1; then
    # we're updating from 0.18.3-1 or earlier, chown aideinit logs
    chown --quiet _aide:adm /var/log/aide/aideinit.log /var/log/aide/aideinit.errors|| true
fi

exit 0

# vim:sw=4:sts=4:et: