#! /bin/sh
# postinst script for fcron

set -e
. /usr/share/debconf/confmodule
db_stop

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see /usr/share/doc/packaging-manual/
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.

case "$1" in
    configure)
	#
	# Create user fcron and chown spool
	#
	cd /var/spool/fcron
	adduser --system --group --home /var/spool/fcron --no-create-home --disabled-password fcron >/dev/null 2>&1
	chown fcron:fcron /var/spool/fcron
	# add dpkg-statoverride here after dpkg 1.9.x is out

	#
	# Reenable local user fcrontabs removed by 0.9.3-5..7
	#
	[ -d /var/spool/fcron/rxdisabled ] && {
		echo "Trying to reenable fcrontabs disabled by security patch..."
		userftb=
		for i in `find /var/spool/fcron/rxdisabled -type f \
			  ! -name '.*' -maxdepth 1 -print0 | xargs -0` ; do
			fcrontabname="`basename ${i}`"
			# we can salvage only uncompiled fcrontabs
			if [ "${fcrontabname%.orig}" != "${fcrontabname}" ] ; then
				if [ ! -e /var/spool/fcron/${fcrontabname} ] ; then
					mv /var/spool/fcron/rxdisabled/${fcrontabname} /var/spool/fcron/
					userftb="${userftb} ${fcrontabname%.orig}"
				fi
			else
				rm -f "${i}" || true
			fi
		done
		if rmdir /var/spool/fcron/rxdisabled >/dev/null 2>&1 ; then
			[ "${userftb}" != "" ] && echo "Reinstaled fcrontabs for user(s): " ${userftb}
		else
			echo "Failed to reinstall all previously disabled user fcrontabs."
			echo "Please check /var/spool/fcron and /var/spool/fcron/rxdisabled manually,"
			echo "and remove the rxdisabled subdirectory when done."
		fi
	}

	#
	# Ensures correct owner and group for all fcrontabs
	#
	find /var/spool/fcron -type f ! -name '*.*' -exec chown root:root {} \;
	find /var/spool/fcron -type f ! -name 'root.*' -name '*.*' -exec chown fcron:fcron {} \;
	chown root:fcron root.* *.root >/dev/null 2>&1 || true

	#
	# Setgid/setuid fcrontab binary
	#
	OVERRIDEN=
	OVERRIDEN=`dpkg-statoverride --list /usr/bin/fcrontab` || true
	[ "${OVERRIDEN}" = "" ] && dpkg-statoverride --update --add fcron fcron 6755 /usr/bin/fcrontab
	OVERRIDEN=
	OVERRIDEN=`dpkg-statoverride --list /usr/bin/fcronsighup` || true
	[ "${OVERRIDEN}" = "" ] && dpkg-statoverride --update --add root fcron 4750 /usr/bin/fcronsighup

	#
        # Makes sure we have no version incompatibilities on compiled
	# fcrontabs
	#
    	fcron-update-crontabs >/dev/null 2>&1
	chgrp fcron /etc/fcron.conf /etc/fcron.allow /etc/fcron.deny
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 0
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0
