#!/bin/sh
# postinst script for apparmor
#
# see: dh_installdeb(1)
set -e

. /usr/share/debconf/confmodule
. /lib/apparmor/rc.apparmor.functions

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

case "$1" in
    configure|abort-remove|abort-deconfigure)

	# Remove old cache directories
	if dpkg --compare-versions "$2" lt-nl "2.13-7"; then
		rm -rf /etc/apparmor.d/cache /etc/apparmor.d/cache.d
	fi

	# Remove old cache files that click, snapd or manual invokation
	# of "apparmor_parser --cache-loc /var/cache/apparmor" may have created:
	# since 2.13-1 apparmor_parser won't create cache files at the root
	# of the cache-loc, but instead in sub-directories.
	if dpkg --compare-versions "$2" lt-nl "2.13-7"; then
		find /var/cache/apparmor -maxdepth 1 -type f '!' -name CACHEDIR.TAG -delete
	fi

	# Try to determine values for apparmor/homedirs if the administrator
	# hasn't already.
	if dpkg --compare-versions "$2" lt-nl "2.5~pre+bzr1362-0ubuntu2"; then
	    db_get apparmor/homedirs
            if [ -z "$RET" ]; then
		# Get unique dirnames for uids between 1000 and 30000, then
		# format them appropriately for AppArmor
		dirs=`awk -F: '$3 >= 1000 && $3 < 30000 {printf "%s\n", $6}' /etc/passwd | xargs -d '\n' -n 1 dirname | grep -v '^/home$' | sed -e 's#\(.*\)#\\1/#g' | sed -e '/ / { s#\(.*\)#"\\1"#g }' | sort -u | tr '\n' ' '`
		if [ -n "$dirs" ]; then
		    db_set apparmor/homedirs "$dirs"
		fi
	    fi
	fi

	db_get apparmor/homedirs
	tmp=`mktemp`
        cat > "$tmp" <<EOM
# This file is auto-generated. It is recommended you update it using:
# $ sudo dpkg-reconfigure apparmor
#
# The following is a space-separated list of where additional user home
# directories are stored, each must have a trailing '/'. Directories added
# here are appended to @{HOMEDIRS}.  See tunables/home for details.
EOM
        if [ -n "$RET" ]; then
            cat >> "$tmp" <<EOM
@{HOMEDIRS}+=$RET
EOM
        else
            cat >> "$tmp" <<EOM
#@{HOMEDIRS}+=
EOM
        fi
        mkdir -p /etc/apparmor.d/tunables/home.d 2>/dev/null || true
        mv -Z -f "$tmp" /etc/apparmor.d/tunables/home.d/ubuntu
        chmod 644 /etc/apparmor.d/tunables/home.d/ubuntu

        if [ ! -e /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local ]; then
            tmp=`mktemp`
            cat > "$tmp" <<EOM
# ------------------------------------------------------------------
#
#    Copyright (C) 2014 Canonical Ltd.
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------

# The following may be used to add additional entries such as for
# translations. See tunables/xdg-user-dirs for details. Eg:
#@{XDG_MUSIC_DIR}+="Musique"

#@{XDG_DESKTOP_DIR}+=""
#@{XDG_DOWNLOAD_DIR}+=""
#@{XDG_TEMPLATES_DIR}+=""
#@{XDG_PUBLICSHARE_DIR}+=""
#@{XDG_DOCUMENTS_DIR}+=""
#@{XDG_MUSIC_DIR}+=""
#@{XDG_PICTURES_DIR}+=""
#@{XDG_VIDEOS_DIR}+=""
EOM

            mkdir -p /etc/apparmor.d/tunables/xdg-user-dirs.d 2>/dev/null || true
            mv -Z -n "$tmp" /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
            chmod 644 /etc/apparmor.d/tunables/xdg-user-dirs.d/site.local
        fi

        # Remove various profiles from Ubuntu Touch since they no longer exist
        # in the archive and require files from apparmor-easyprof-ubuntu (which
        # was also removed) to load correctly.
	if dpkg --compare-versions "$2" lt-nl "2.12-4ubuntu4"; then
            for i in usr.bin.media-hub-server usr.bin.mediascanner-service-2.0 usr.lib.mediascanner-2.0.mediascanner-extractor usr.bin.messaging-app usr.bin.webbrowser-app ; do
                rm -f "/etc/apparmor.d/$i"
                rm -f "/etc/apparmor.d/local/$i"
            done
        fi
        ;;

    abort-upgrade)
        # Nothing to do
        ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

# Automatically added by dh_apparmor/3.0.13-2
if [ "$1" = "configure" ]; then
    APP_PROFILE="/etc/apparmor.d/lsb_release"
    if [ -f "$APP_PROFILE" ]; then
        # Add the local/ include
        LOCAL_APP_PROFILE="/etc/apparmor.d/local/lsb_release"

        test -e "$LOCAL_APP_PROFILE" || {
            mkdir -p `dirname "$LOCAL_APP_PROFILE"`
            install --mode 644 /dev/null "$LOCAL_APP_PROFILE"
        }

        # Reload the profile, including any abstraction updates
        if aa-enabled --quiet 2>/dev/null; then
            apparmor_parser -r -T -W "$APP_PROFILE" || true
        fi
    fi
fi
# End automatically added section
# Automatically added by dh_apparmor/3.0.13-2
if [ "$1" = "configure" ]; then
    APP_PROFILE="/etc/apparmor.d/nvidia_modprobe"
    if [ -f "$APP_PROFILE" ]; then
        # Add the local/ include
        LOCAL_APP_PROFILE="/etc/apparmor.d/local/nvidia_modprobe"

        test -e "$LOCAL_APP_PROFILE" || {
            mkdir -p `dirname "$LOCAL_APP_PROFILE"`
            install --mode 644 /dev/null "$LOCAL_APP_PROFILE"
        }

        # Reload the profile, including any abstraction updates
        if aa-enabled --quiet 2>/dev/null; then
            apparmor_parser -r -T -W "$APP_PROFILE" || true
        fi
    fi
fi
# End automatically added section
# Automatically added by dh_installdeb/13.15.2
dpkg-maintscript-helper rm_conffile /etc/apparmor.d/abstractions/launchpad-integration 2.13.1-2\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/apparmor/features 2.11.1-4\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/apparmor/subdomain.conf 2.13.2-2\~ -- "$@"
dpkg-maintscript-helper rm_conffile /etc/init/apparmor.conf 2.11.0-11\~ -- "$@"
# End automatically added section
# Automatically added by dh_installinit/13.15.2
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	if [ -x "/etc/init.d/apparmor" ]; then
		update-rc.d apparmor defaults >/dev/null || true
	fi
fi
# End automatically added section
# Automatically added by dh_installsystemd/13.15.2
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	# The following line should be removed in trixie or trixie+1
	deb-systemd-helper unmask 'apparmor.service' >/dev/null || true

	# was-enabled defaults to true, so new installations run enable.
	if deb-systemd-helper --quiet was-enabled 'apparmor.service'; then
		# Enables the unit on first installation, creates new
		# symlinks on upgrades if the unit file has changed.
		deb-systemd-helper enable 'apparmor.service' >/dev/null || true
	else
		# Update the statefile to add new symlinks (if any), which need to be
		# cleaned up on purge. Also remove old symlinks.
		deb-systemd-helper update-state 'apparmor.service' >/dev/null || true
	fi
fi
# End automatically added section


# Now that AppArmor is installed, attempt to reload profiles in the
# case of upgrades.
aa_log_action_start() {
    echo "$@"
}
aa_log_action_end() {
    echo -n
}
aa_log_daemon_msg() {
    echo "$@"
}
aa_log_end_msg() {
    echo -n
}
aa_log_failure_msg() {
    echo "Error: $@"
}
aa_log_skipped_msg() {
    echo "Skipped: $@"
}
aa_log_warning_msg() {
    echo "Warning: $@"
}
case "$1" in
    configure)
        if aa-status --enabled 2>/dev/null; then
            parse_profiles reload || true
        fi
        ;;
esac

exit 0