#! /bin/sh
# postinst script for buildd
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see /usr/share/doc/packaging-manual/
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.

case "$1" in
    configure)

        if ! getent passwd buildd > /dev/null; then
            adduser --system --quiet --home /var/lib/buildd --no-create-home \
		--shell /bin/bash --group --gecos "Debian build daemon" buildd
        fi
	# Unlock account in case it was locked from previous purge.
	usermod -U -e '' buildd

        # check validity of buildd user and group
	if [ "$(id -u buildd)" -eq 0 ]; then
            echo "The buildd system user must not have uid 0 (root).
Please fix this and reinstall this package." >&2
            exit 1
	fi
	if [ "$(id -g buildd)" -eq 0 ]; then
            echo "The buildd system user must not have root as primary group.
Please fix this and reinstall this package." >&2
            exit 1
	fi

	# Home directory ownership
        chown buildd:buildd /var/lib/buildd
	chown buildd:buildd /var/lib/buildd/.forward
	chown buildd:buildd /var/lib/buildd/.ssh
	chown buildd:buildd /var/lib/buildd/build
	chown buildd:buildd /var/lib/buildd/logs
	chown buildd:buildd /var/lib/buildd/mqueue
	chown buildd:buildd /var/lib/buildd/old-logs
	chown buildd:buildd /var/lib/buildd/stats
	chown buildd:buildd /var/lib/buildd/stats/graphs
	chown buildd:buildd /var/lib/buildd/upload
	chown buildd:buildd /var/lib/buildd/upload-security

	# Home directory permissions
        chmod 2770 /var/lib/buildd
	chmod 2640 /var/lib/buildd/.forward
	chmod 2700 /var/lib/buildd/.ssh
	chmod 2770 /var/lib/buildd/build
	chmod 2770 /var/lib/buildd/logs
	chmod 2770 /var/lib/buildd/mqueue
	chmod 2770 /var/lib/buildd/old-logs
	chmod 2770 /var/lib/buildd/stats
	chmod 2770 /var/lib/buildd/stats/graphs
	chmod 2770 /var/lib/buildd/upload
	chmod 2770 /var/lib/buildd/upload-security

        # Drop the irrelevant options run-setup-scripts / run-exec-scripts, see #579926
	# Use buildd/config in place of old script-defaults.buildd
        find /etc/schroot/chroot.d/ -name 'buildd-*' -print0 | xargs -0 -r sed -e 's/^run-setup-scripts=/#&/' -e 's/^run-exec-scripts=/#&/' -e 's;^script-config=script-defaults\.buildd;script-config=buildd/config;' -i

        ;;

    abort-upgrade|abort-remove|abort-deconfigure)

        ;;

    *)

        echo "postinst called with unknown argument \`$1'" >&2
        exit 0

	;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

# Automatically added by dh_installinit
if [ -x "/etc/init.d/buildd" ]; then
	update-rc.d buildd defaults >/dev/null || exit $?
fi
# End automatically added section


exit 0
