#!/bin/sh
set -e

log_debug() {
	echo "Debug: piuparts exception for package $PIUPARTS_OBJECTS"
}

is_installed()
{
	local pkg="$1"
	dpkg-query -s "$pkg" >/dev/null 2>&1 || return 1
	local status="$(dpkg-query -W -f '${Status}' $pkg)"
	test "$status" != "unknown ok not-installed" || return 1
	test "$status" != "deinstall ok config-files" || return 1
	return 0
}

# E: Could not perform immediate configuration on ...
rm -fv /etc/apt/apt.conf.d/piuparts-disable-immediate-configure

if [ "$PIUPARTS_DISTRIBUTION" = "squeeze" ]; then

	case ${PIUPARTS_OBJECTS%%=*} in
		linpopup)
			# package removed after lenny
			log_debug
			for file in /var/lib/linpopup/messages.dat
			do
				test ! -f "$file" || chmod -c o-w "$file"
			done
			;;
	esac

fi

if [ "$PIUPARTS_DISTRIBUTION" = "wheezy" ]; then

	# https://bugs.debian.org/687611
	if [ -f /usr/share/keyrings/debian-archive-removed-keys.gpg~ ]; then
		echo "FIXING /usr/share/keyrings/debian-archive-removed-keys.gpg~"
		mv -v /usr/share/keyrings/debian-archive-removed-keys.gpg~ /usr/share/keyrings/debian-archive-removed-keys.gpg
	fi

	case ${PIUPARTS_OBJECTS%%=*} in
		kismet|\
		tshark|\
		wireshark|\
		wireshark-common|\
		wireshark-dbg|\
		libcap2-bin)
			# libcap2-bin/wheezy is part of the minimal chroot and recommends libpam-cap
			# a conffile moved from libcap2-bin/squeeze to libpam-cap/wheezy
			log_debug
			apt-get install -yf libpam-cap
			;;
		ogre-doc-nonfree)
			# #773059 - ogre-doc: unhandled symlink to directory conversion: /usr/share/doc/PACKAGE
			# package removed after lenny
			log_debug
			apt-get install -yf ogre-1.8-doc
			;;
		phpgacl)
			# #682825
			# package not in wheezy
			log_debug
			for dir in /usr/share/phpgacl/admin/templates_c
			do
				test ! -d "$dir" || chmod -c o-w "$dir"
			done
			;;
	esac

fi

if [ "$PIUPARTS_DISTRIBUTION" = "jessie" ]; then

	# base-files only upgrades pristine /etc/nsswitch.conf
	if ! grep -q ^gshadow: /etc/nsswitch.conf ; then
		echo "Adding gshadow line to /etc/nsswitch.conf"
		sed -i '/^shadow:/a gshadow:        files' /etc/nsswitch.conf
	fi

fi

if [ "$PIUPARTS_DISTRIBUTION" = "stretch" ]; then

	# debianutils in jessie shipped /usr/share/man/sl/*/ with mode 0775
	find /usr/share/man/sl -type d -perm /020 -exec chmod -c g-w {} +

	# fakeroot:i386 in jessie shipped /usr/share/man/**/ with mode 0775 (#826318)
	if is_installed fakeroot ; then
		find /usr/share/man -type d -perm /020 -exec chmod -c g-w {} +
	fi

	# git:i386 in jessie shipped /usr/share/locale/**/ with mode 0775
	if is_installed git ; then
		find /usr/share/locale -type d -perm /020 -exec chmod -c g-w {} +
	fi

fi

if [ "$PIUPARTS_DISTRIBUTION_PREV" = "stretch" ]; then

	case ${PIUPARTS_OBJECTS%%=*} in
		design-desktop*)
			#850948: needrestart/stretch may hang during upgrade
			log_debug
			dpkg-divert --remove --rename /usr/lib/needrestart/apt-pinvoke
			;;
	esac

fi

if [ "$PIUPARTS_DISTRIBUTION" = "buster" ]; then

	# libc-bin only upgrades pristine /etc/nsswitch.conf
	if grep -q '^passwd:.*compat' /etc/nsswitch.conf ; then
		echo "Switching from compat to files in /etc/nsswitch.conf"
		sed -r -i '/^(passwd|group|shadow):/ s/compat/files/' /etc/nsswitch.conf
	fi

	# upgrading ca-certificates disables obsolete certificates and appends new certificates
	# normalize and sort the list to match fresh installations
	if [ -f "/etc/ca-certificates.conf" ]; then
		sed -rn '/^#/p' /etc/ca-certificates.conf > /etc/ca-certificates.conf.normalized
		sed -r '/^[#!]/d' /etc/ca-certificates.conf | sort >> /etc/ca-certificates.conf.normalized
		if ! cmp -s /etc/ca-certificates.conf.normalized /etc/ca-certificates.conf ; then
			echo "Normalized /etc/ca-certificates.conf"
			cp /etc/ca-certificates.conf.normalized /etc/ca-certificates.conf
		fi
		rm -f /etc/ca-certificates.conf.normalized
	fi

	# dpkg does not properly clean up directories getting empty and no longer shipped
	for dir in /etc/dbus-1/system.d /etc/dbus-1
	do
		if [ -d "$dir" ]; then
			rmdir --ignore-fail-on-non-empty "$dir"
			test -d "$dir" || echo "removed empty directory '$dir'"
		fi
	done

	# policykit-1 in buster changes the permissions 0755 -> 0700
	if [ -d /var/lib/polkit-1 ]; then
		chmod -c go-rx /var/lib/polkit-1
	fi

	#920760, wontfix, libpam-modules: does not ensure that pam-auth-update gets called after the package was configured
	if ! grep -q mkhomedir /var/lib/pam/seen ; then
		echo "Running pam-auth-update..."
		pam-auth-update
	fi

fi
