#!/bin/sh

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.

case "$1" in
    configure)
	# Add logcheck user
	# check for logcheck user or bad version without home
	# touch cron job on updating accounts to fix #284788
	if ! getent passwd logcheck > /dev/null; then
	  adduser --quiet --system --home /var/lib/logcheck --no-create-home \
      --group logcheck ||true
	  touch /etc/cron.d/logcheck || true
	fi

	# check for logcheck group in case account exists without group
	if ! getent group logcheck >/dev/null; then
	  addgroup --system logcheck
    usermod -g logcheck logcheck
	fi  

  # make sure the home directory exists
  if [ ! -d "$(getent passwd logcheck | cut -d: -f6)" ]; then
    usermod -d /var/lib/logcheck logcheck > /dev/null || true
  fi

	# check for logcheck in adm group
	if ! getent group adm | grep logcheck > /dev/null; then
	  adduser --quiet logcheck adm || true
	fi  

	# add logcheck to /etc/aliases
	if [ -f /etc/aliases ] || [ -L /etc/aliases ]; then
    if ! grep -qi "^logcheck[[:space:]]*:" /etc/aliases; then
      echo "logcheck: root" >> /etc/aliases
      test -x "$(command -v newaliases)" && newaliases || :
    fi
	fi

  # give logcheck system user a real name unless it has one.
  if [ -z "$(getent passwd logcheck | cut -d: -f5)" ]; then
    chfn -f 'logcheck system account' logcheck
  fi

	# Add logcheck mail header on install
        if [ ! -n "$2" ] && [ ! -f /etc/logcheck/header.txt ]; then
          cp -p /usr/share/logcheck/header.txt /etc/logcheck
        fi

	# Fix permissions for lock on install or upgrade
	if [ ! -n "$2" ] || dpkg --compare-versions "$2" lt "1.2.39"; then
          chown -R logcheck:logcheck /var/lock/logcheck || true
	  chmod 755 /var/lock/logcheck || true
        fi

	# Unconditionalizing this for now as we have files that are
	# unreadable upon upgrade.  <ttroxell@debian.org>
	chgrp -R logcheck /etc/logcheck || true

    	# Set Permissions on install, not upgrade
	if [ ! -n "$2" ]; then
          chmod 2750 /etc/logcheck/ignore.d.paranoid || true
          chmod 2750 /etc/logcheck/ignore.d.workstation || true
          chmod 2750 /etc/logcheck/ignore.d.server || true
          chmod 2750 /etc/logcheck/cracking.d || true
          chmod 2750 /etc/logcheck/cracking.ignore.d || true
          chmod 2750 /etc/logcheck/violations.d || true
          chmod 2750 /etc/logcheck/violations.ignore.d || true
    	  chmod -R g+rX /etc/logcheck || true
          # just in case
          chown logcheck /var/lock/logcheck > /dev/null || true
	fi
    	chown -R logcheck:logcheck /var/lib/logcheck || true
    	chmod 0770 /var/lib/logcheck || true

	;;
    
    abort-upgrade|abort-remove|abort-deconfigure)
	
	;;
    
    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
	;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.



exit 0