#!/bin/sh
# postinst script for debathena-apparmor-config
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

# displace.sh.in: diversion helpers for maintainer scripts
#
# displace_link <prefix> <suffix>
#
#   Ensures that the file <prefix><suffix> is properly diverted to
#   <prefix>.divert-orig<suffix> by this package, and becomes a
#   symbolic link to either <prefix>.divert<suffix> (default) or
#   <prefix>.divert-orig<suffix>.
#
# undisplace_unlink <prefix> <suffix>
#
#   Undoes the action of displace_link <prefix> <suffix> specified
#   above.
#
# Version: 4.0
#
# Copyright © 2008–2012 Tim Abbott <tabbott@mit.edu> and Anders
# Kaseorg <andersk@mit.edu>
#
# Permission is hereby granted, free of charge, to any person
# obtaining a copy of this software and associated documentation files
# (the “Software”), to deal in the Software without restriction,
# including without limitation the rights to use, copy, modify, merge,
# publish, distribute, sublicense, and/or sell copies of the Software,
# and to permit persons to whom the Software is furnished to do so,
# subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
# BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
# ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
# CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#

package=debathena-apparmor-config

ours=.debathena
theirs=.debathena-orig

displace_link_displace()
{
    file=$1
    ourfile=$2
    theirfile=$3
    if ! LC_ALL=C dpkg-divert --list "$package" | \
	grep -xFq "diversion of $file to $theirfile by $package"; then
	dpkg-divert --divert "$theirfile" --rename --package "$package" --add "$file"
    fi
}

displace_link_symlink()
{
    file=$1
    ourfile=$2
    theirfile=$3
    if [ ! -L "$file" ] && [ ! -e "$file" ]; then
	ln -s "$(basename "$ourfile")" "$file"
    elif [ ! -L "$file" ] || \
	[ "$(readlink "$file")" != "$(basename "$ourfile")" -a \
	  "$(readlink "$file")" != "$(basename "$theirfile")" ]; then
	echo "*** OMINOUS WARNING ***: $file is not linked to either $(basename "$ourfile") or $(basename "$theirfile")" >&2
    fi
}

displace_link()
{
    prefix=$1
    suffix=$2

    file=$prefix$suffix
    ourfile=$prefix$ours$suffix
    theirfile=$prefix$theirs$suffix
    displace_link_displace "$file" "$ourfile" "$theirfile"
    displace_link_symlink "$file" "$ourfile" "$theirfile"
}

displace_hide()
{
    file=$1
    ourfile=""
    theirfile=$2
    displace_link_displace "$file" "$ourfile" "$theirfile"
}

undisplace_unlink_symlink()
{
    file="$1"
    ourfile="$2"
    theirfile="$3"
    if [ ! -L "$file" ] || \
	[ "$(readlink "$file")" != "$(basename "$ourfile")" -a \
	  "$(readlink "$file")" != "$(basename "$theirfile")" ]; then
	echo "*** OMINOUS WARNING ***: $file is not linked to either $(basename "$ourfile") or $(basename "$theirfile")" >&2
    else
	rm -f "$file"
    fi
}

undisplace_unlink_displace()
{
    file="$1"
    if [ ! -L "$file" ] && [ ! -e "$file" ]; then
	dpkg-divert --remove --rename --package "$package" "$file"
    else
	echo "Not removing diversion of $file by $package" >&2
    fi
}

undisplace_unlink()
{
    prefix=$1
    suffix=$2

    file=$prefix$suffix
    ourfile=$prefix$ours$suffix
    theirfile=$prefix$theirs$suffix

    undisplace_unlink_symlink "$file" "$ourfile" "$theirfile"
    undisplace_unlink_displace "$file"
}

undisplace_unhide()
{
    file=$1
    undisplace_unlink_displace "$file"
}

check_undisplace_unlink()
{
    prefix=$1
    suffix=$2

    file=$prefix$suffix
    ourfile=$prefix$ours$suffix
    theirfile=$prefix$theirs$suffix

    if LC_ALL=C dpkg-divert --list "$package" | \
	grep -xFq "diversion of $file to $theirfile by $package"; then
	undisplace_unlink "$prefix" "$suffix"
    fi
}

check_undisplace_unhide()
{
    file=$1
    hiddenfile=$2
    if LC_ALL=C dpkg-divert --list "$package" | \
	grep -xFq "diversion of $file to $hiddenfile by $package"; then
	undisplace_unhide "$file"
    fi
}

# End of divert.sh.in
if [ "$1" = "configure" ]; then
    displace_link /etc/apparmor.d/abstractions/kerberosclient 
    displace_link /etc/apparmor.d/abstractions/base 
    displace_link /etc/apparmor.d/abstractions/cups-client 
    displace_link /etc/apparmor.d/abstractions/X 
    displace_link /etc/apparmor.d/abstractions/xdg-desktop 
    displace_link /etc/apparmor.d/abstractions/nameservice 
    displace_hide /etc/apparmor.d/usr.sbin.cupsd /usr/share/debathena-apparmor-config/etc++apparmor.d++usr.sbin.cupsd
    displace_hide /etc/apparmor.d/usr.sbin.ntpd /usr/share/debathena-apparmor-config/etc++apparmor.d++usr.sbin.ntpd
fi


package=debathena-apparmor-config
ours=.debathena
theirs=.debathena-orig

undivert_unlink_symlink()
{
    file="$1"
    ourfile="$2"
    theirfile="$3"
    if [ ! -L "$file" ] || \
        [ "$(readlink "$file")" != "$(basename "$ourfile")" -a \
          "$(readlink "$file")" != "$(basename "$theirfile")" ]; then
        echo "*** OMINOUS WARNING ***: $file is not linked to either $(basename "$ourfile") or $(basename "$theirfile")" >&2
    else
        rm -f "$file"
    fi
}

undivert_unlink_divert()
{
    file="$1"
    if [ ! -L "$file" ] && [ ! -e "$file" ]; then
        dpkg-divert --remove --rename --package "$package" "$file"
    else
        echo "Not removing diversion of $file by $package" >&2
    fi
}

undivert_unlink()
{
    prefix=$1
    suffix=$2

    file=$prefix$suffix
    ourfile=$prefix$ours$suffix
    theirfile=$prefix$theirs$suffix

    undivert_unlink_symlink "$file" "$ourfile" "$theirfile"
    undivert_unlink_divert "$file" "$package"
}

cleanup_old_diversion() {
    file="$1"
    if dpkg-divert --list "${file}" | grep -Fxq "diversion of ${file} to ${file}${theirs} by ${package}"; then
        undivert_unlink "$file"
    fi
}

cleanup_old_removal() {
    file="$1"
    removedfile="$2"
    if dpkg-divert --list "${file}" | grep -Fxq "diversion of ${file} to ${removedfile} by ${package}"; then
	undivert_unlink_divert "$file"
    fi
}

case "$1" in
    configure)
	if [ -d /etc/apparmor.d/tunables/home.d ]; then
	    cleanup_old_diversion /etc/apparmor.d/tunables/home
	fi

	# Ensure local files exist
	# This should be replaced with something less stupid
	if fgrep -q '#include <local/' /etc/apparmor.d/*.debathena; then
	  mkdir -p /etc/apparmor.d/local
	  for f in usr.sbin.cupsd usr.sbin.ntpd; do
	    [ -f "/etc/apparmor.d/local/$f" ] || touch "/etc/apparmor.d/local/$f"
	  done
	fi

	if hash apparmor_status 2>/dev/null && apparmor_status --enabled; then
	    if hash invoke-rc.d 2>/dev/null; then
		invoke-rc.d apparmor reload
	    else
		/etc/init.d/apparmor reload
	    fi
	fi
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

exit 0