#!/bin/sh
# postinst script for schlittermann-ssh-keys
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

tmp=$(mktemp)
trap "rm -f $tmp" EXIT

update_log_level() {
    test -f /etc/ssh/sshd_config || return
    perl -pe 's/^LogLevel\s+\K.*/VERBOSE/' </etc/ssh/sshd_config >$tmp
    test $(wc -l <$tmp) = $(wc -l </etc/ssh/sshd_config) || return 0
    cat <$tmp >/etc/ssh/sshd_config
    rm -f $tmp
}

need_sshd_env() {
    tmp="$1"
    var="$2"
    grep -q '^AcceptEnv[[:space:]]\+.*\<'"$var"'\>' /etc/ssh/sshd_config \
	|| echo "AcceptEnv $var" >> $tmp
}

update_sshd_config() {
    tmp=$(mktemp)
    out=$(mktemp)
    trap 'rm $tmp $out' EXIT

    need_sshd_env $tmp INPUTRC
    need_sshd_env $tmp EDITOR
    need_sshd_env $tmp IUS_USER
    need_sshd_env $tmp IUS_PROFILE
    need_sshd_env $tmp REMOTE_USER
    need_sshd_env $tmp HGUSER
    need_sshd_env $tmp HGRCPATH

    test -s $tmp || return 0

    file=$tmp perl >$out <<'_'
        open($f, '/etc/ssh/sshd_config') or die "Can't open sshd_config: $!\n";
        my @conf;
        while (<$f>) {
            /^Match\s/ and last;
            push @conf, $_;
        }
        push @conf, "# autoadded by schlittermann-ssh-keys\n",
            do { local @ARGV = $ENV{file}; <> }, 
            $_, <$f>;
        print @conf;
_
    test $(stat -c%s $out) -ge $(stat -c%s /etc/ssh/sshd_config)
    cp --backup=numbered -p /etc/ssh/sshd_config /etc/ssh/sshd_config~
    cat $out > /etc/ssh/sshd_config

    if which systemctl >/dev/null; then
	systemctl try-reload-or-restart ssh.service
    else
	invoke-rc.d ssh reload || service ssh reload
    fi
}

fix_local() {
    file=/root/.ssh/authorized_keys.local
    test -s "$file" || return 0

    tmp=$(mktemp)
    grep -v \
'AAAAB3NzaC1yc2EAAAADAQABAAABAQCU2gtwCDaZfKgzyvakquc1fpX3lQPQ9Dtwag'\
'gPoqmZ3lt3O5ou0+wNnWviqURmp8sDibYmwdkxf41qza25baW4TiQL7KLtP3nXmUNMaUwG'\
'Ebf4FEYESxr0b3mmPxBP88lgJi6s9RWCVKGHMgLxkZd2IgIG3gwTLKwlKSReUu+7MYNN/0'\
'BI6Tuo4nHxXUgux72MHwvyizlN53JFipBJRSRtRv19PnMMNx9spe7Jmf2v67OJ6JXDzpfa'\
'b7WT6krss1t2dyQZLWnlWTxjK8arQjoEOBwl4VkjXbbopTt6+To8LdZiS39VQBZvKDgfPw'\
'GVHigxjRSSZfVYyF+lADoXWJBF' \
    < $file > $tmp    || true
    if ! test -s $tmp || ! cmp $tmp $file >/dev/null
    then
	cat $tmp > $file
    fi
    rm -f $tmp
}

case "$1" in
    configure)
	fix_local
	update-schlittermann-ssh-keys

	update_log_level
	update_sshd_config
	if which systemctl >/dev/null; then
	    systemctl try-reload-or-restart ssh.service
	else
	    invoke-rc.d ssh reload || service ssh reload
	fi
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0


