#! /bin/sh
# postinst script for rkhunter
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#

. /usr/share/debconf/confmodule

case "$1" in
    configure)

        tempfile=`mktemp`
        cp -p /usr/share/rkhunter/default.conf ${tempfile}

        # Merge debconf values into the configuration
        for foo in CRON_DB_UPDATE CRON_DAILY_RUN APT_AUTOGEN; do
                template=$(echo ${foo} | tr '[:upper:]' '[:lower:]')
            	db_get rkhunter/${template}
                sed -i -re "s@^(${foo}=).*@\1\"${RET}\"@" "$tempfile"
        done

        ucf --debconf-ok ${tempfile} /etc/default/rkhunter
        ucfr rkhunter /etc/default/rkhunter
        rm -f ${tempfile}

	# If upgrading, make sure permissions are correctly set as previous
        # versions of the package (until 1.3.4-2) used to set them incorrectly
        if [ -n "$2" ]; then
            if dpkg --compare-versions $2 lt 1.3.4-2; then
                chmod 750 /var/lib/rkhunter/db
                chmod 750 /var/lib/rkhunter/tmp
                chmod 750 /var/lib/rkhunter/db/i18n
            fi
        fi

	# Copy the passwd/group files to the TMP directory
	# to avoid warnings when rkhunter is first run.
	# This is normally done by the installer script.
	RKH_TMP_DIR=$(grep '^TMPDIR' /etc/rkhunter.conf | sed 's/TMPDIR=//')
	[ -f $RKH_TMP_DIR/passwd ] || cp -p /etc/passwd $RKH_TMP_DIR >/dev/null 2>&1
	[ -f $RKH_TMP_DIR/group ] || cp -p /etc/group $RKH_TMP_DIR >/dev/null 2>&1


        # Only update the file properties database if the hashes and attributes
        # tests are not disabled either in /etc/rkhunter.conf AND if the automatic
        # database update is disabled in case of an upgrade (in order to avoid calling
        # --propupd twice (see #471389)

        # TODO: check what needs to be done on reconfigure
        # (note: debconf sets $DEBCONF_RECONFIGURE=1 when a package is reconfigured)

        # UPGRADE
        if [ -n "$2" ]; then
            if [ "$APT_AUTOGEN" = "false" ] && ! grep -q -E '^DISABLE_TESTS=.*(hashes.*attributes|attributes.*hashes|properties)' /etc/rkhunter.conf || \
                  grep -q -E '^ENABLE_TESTS=.*(hashes|attributes|properties)' /etc/rkhunter.conf; then
                  # Update the file properties database
                  rkhunter --propupd --nolog || true
            fi

        # CLEAN INSTALL
        else
	    # These tests are enabled by default - just make sure the file properties database isn't created
	    # in case they are disabled by default in the future
            if ! grep -q -E '^DISABLE_TESTS=.*(hashes.*attributes|attributes.*hashes|properties)' /etc/rkhunter.conf || \
                  grep -q -E '^ENABLE_TESTS=.*(hashes|attributes|properties)' /etc/rkhunter.conf; then
                  # Create the file properties database
                  rkhunter --propupd --nolog || true
            fi
        fi
    ;;

    #triggered)
    #	rkhunter --propupd --nolog || true
    #;;

    abort-upgrade|abort-remove|abort-deconfigure)

    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0
