#!/bin/sh
# preinst script for core-agent-linux
#
# see: dh_installdeb(1)

set -e

# The preinst script may be called in the following ways:
#   * <new-preinst> 'install'
#   * <new-preinst> 'install' <old-version>
#   * <new-preinst> 'upgrade' <old-version>
#
#     The package will not yet be unpacked, so the preinst script cannot rely
# on any files included in its package. Only essential packages and
# pre-dependencies (Pre-Depends) may be assumed to be available.
# Pre-dependencies will have been configured at least once, but at the time the
# preinst is called they may only be in an "Unpacked" or "Half-Configured" state
# if a previous version of the pre-dependency was completely configured and has
# not been removed since then.
#
#
#  * <old-preinst> 'abort-upgrade' <new-version>
#
#    Called during error handling of an upgrade that failed after unpacking the
# new package because the postrm upgrade action failed. The unpacked files may
# be partly from the new version or partly missing, so the script cannot rely
# on files included in the package. Package dependencies may not be available.
# Pre-dependencies will be at least "Unpacked" following the same rules as
# above, except they may be only "Half-Installed" if an upgrade of the
# pre-dependency failed.[46]
#
#    For details, see http://www.debian.org/doc/debian-policy/ or
# https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html or
# the debian-policy package

if [ "$1" = "install" ] ; then
    # --------------------------------------------------------------------------
    # Required groups
    # --------------------------------------------------------------------------
    groupadd --force --system qubes
    groupadd --force --system sudo

    # --------------------------------------------------------------------------
    # User add / modifications
    # --------------------------------------------------------------------------
    id -u 'user' >/dev/null 2>&1 || {
        useradd --user-group --create-home --shell /bin/bash user
    }
    id -u 'tinyproxy' >/dev/null 2>&1 || {
        useradd --user-group --system --no-create-home --home /run/tinyproxy --shell /bin/false tinyproxy
    }
    usermod --lock --append --groups qubes user

    # --------------------------------------------------------------------------
    # Remove `mesg` from root/.profile?
    # --------------------------------------------------------------------------
    sed -i -e '/^mesg n/d' /root/.profile
fi

if [ "$1" = "upgrade" ] ; then
    ## Fix static gid issue for in place template upgrades.
    ## https://github.com/QubesOS/qubes-issues/issues/1105
    if grep -q ^qubes:x:98: /etc/group ; then
        if ! grep -q :980: /etc/group ; then
            if groupmod -g 980 qubes ; then
                # make sure that vchan will still work until VM start
                chmod 666 /dev/xen/* /proc/xen/privcmd
                find / -gid 98 ! -type l -exec chgrp --verbose qubes {} \; 2>/dev/null || true
            fi
        fi
    fi
    ## Allow passwordless login for user "user" (when using 'sudo xl console').
    ## https://github.com/QubesOS/qubes-issues/issues/1130
    if grep -q '^user:\!:' /etc/shadow ; then
        passwd user --delete >/dev/null || true
    fi
fi

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0

# vim: set ts=4 sw=4 sts=4 et :