#!/bin/sh
# postinst script for cacert-dev-image
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package


case "$1" in
    configure)
        # clean up */etc/hosts
        sed --regexp-extended --in-place -e '
            # remove non-local aliases
            /^[.[:digit:]]+\s+[-[:alnum:]]+\.it-sls\.de\b/ {
                s/\b[-[:alnum:]]+\.it-sls\.de\b\s+//
            }
            
            # comment out 127.0.1.1 line as it is useless
            # and leads to problems
            /^127\.0\.1\.1\s/ {
                s/^/# /
            }' /etc/hosts /home/cacert/etc/hosts
        
        # let bind ask on any available address
        if [ -f /etc/bind/named.conf.options ]; then
            sed --regexp-extended --in-place -e '
                /^\s*query-source address\s+[.[:digit:]]+;$/ {
                    s/^(\s*)query-source/\1\/\/query-source/
                }' /etc/bind/named.conf.options
        fi
        
        # replace IP addresses in Apache config and disable stamp server
        APACHE_CONFIG='/home/cacert/etc/apache2/sites-available/cacert'
        tmp=$(mktemp "$APACHE_CONFIG.XXXX")
        sed --regexp-extended -e '
            /^(NameVirtualHost|<VirtualHost)\s*[.[:digit:]]+:(80|443)/ {
                s/\b10\.38\.6\.74\b/cacert1/;
                s/\b10\.38\.6\.79\b/secure1/
            }' "$APACHE_CONFIG" | \
        awk '
            BEGIN {
                sectionLinesIndex = 0
            }
            
            # if the section contains the stamp service it should be commented
            /^[^#]*ServerName stamp\.cacert\.org/ {
                linePrefix = "#"
            }
            
            # detect relevant sections and store them in a buffer
            /^[^#]*<VirtualHost cacert1:[0-9]+>/,/^[^#]*<\/VirtualHost>/ {
                inSection = 1
                sectionLines[sectionLinesIndex] = $0
                sectionLinesIndex++
            }
            
            # if we are on the end tag output the buffer
            /^[^#]*<\/VirtualHost>/ {
                # print buffer prefixed
                for (i=0; i < sectionLinesIndex; i++) {
                    print linePrefix sectionLines[i]
                }
                
                # reset all relevant variables for the next section
                sectionLinesIndex = 0
                linePrefix = ""
            }
            
            # print outside sections
            {
                if (inSection) {
                    # reset flag and do nothing
                    inSection = 0
                } else {
                    print
                }
            }
            
            END {
                # if there is still something in the buffer, then print it
                for (i=0; i < sectionLinesIndex; i++) {
                    print linePrefix sectionLines[i]
                }
            }' > "$tmp" && mv "$tmp" "$APACHE_CONFIG"

        # adjust application configuration
        sed --regexp-extended --in-place -e '
            /^\s*\$_SESSION\['\''_config'\''\]\['\''(normal|secure)hostname'\''\]\s*=\s*"(cacert1|secure1)\.it-sls\.de";\s*$/ {
                s/\.it-sls\.de//
            }' /home/cacert/www/includes/mysql.php
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

ucf --three-way /usr/share/cacert-dev-image/firewall.sh /root/firewall.sh
ucf --three-way /usr/share/cacert-dev-image/interfaces /etc/network/interfaces

cat << "MSG"
Networking settings updated.
Execute "/etc/init.d/networking restart" and "/root/firewall.sh" as root for
them to become effective.
MSG


# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0


