#!/bin/sh
# postinst script for apparmor
#
# see: dh_installdeb(1)
set -e

. /usr/share/debconf/confmodule

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

case "$1" in
    configure|abort-remove|abort-deconfigure)

	# Try to determine values for apparmor/homedirs if the administrator
	# hasn't already.
	if dpkg --compare-versions "$2" lt-nl "2.5~pre+bzr1362-0ubuntu2"; then
	    db_get apparmor/homedirs
            if [ -z "$RET" ]; then
		# Get unique dirnames for uids between 1000 and 30000, then
		# format them appropriately for AppArmor
		dirs=`awk -F: '$3 >= 1000 && $3 < 30000 {printf "%s\n", $6}' /etc/passwd | xargs -d '\n' -n 1 dirname | grep -v '^/home$' | sed -e 's#\(.*\)#\\1/#g' | sed -e '/ / { s#\(.*\)#"\\1"#g }' | sort -u | tr '\n' ' '`
		if [ -n "$dirs" ]; then
		    db_set apparmor/homedirs "$dirs"
		fi
	    fi
	fi

	db_get apparmor/homedirs
	tmp=`mktemp`
        cat > "$tmp" <<EOM
# This file is auto-generated. It is recommended you update it using:
# $ sudo dpkg-reconfigure apparmor
#
# The following is a space-separated list of where additional user home
# directories are stored, each must have a trailing '/'. Directories added
# here are appended to @{HOMEDIRS}.  See tunables/home for details.
EOM
        if [ -n "$RET" ]; then
            cat >> "$tmp" <<EOM
@{HOMEDIRS}+=$RET
EOM
        else
            cat >> "$tmp" <<EOM
#@{HOMEDIRS}+=
EOM
        fi
        mkdir -p /etc/apparmor.d/tunables/home.d 2>/dev/null || true
        mv -f "$tmp" /etc/apparmor.d/tunables/home.d/ubuntu
        chmod 644 /etc/apparmor.d/tunables/home.d/ubuntu
	;;

    abort-upgrade)
	# Nothing to do
	;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# drop old scripts that were incorrectly installed as conffiles
if dpkg-maintscript-helper supports rm_conffile; then
    dpkg-maintscript-helper rm_conffile /etc/apparmor/functions 2.5.1-0ubuntu4 -- "$@"
    dpkg-maintscript-helper rm_conffile /etc/apparmor/rc.apparmor.functions 2.5.1-0ubuntu4 -- "$@"
fi

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

# Automatically added by dh_installinit
if [ -x "/etc/init.d/apparmor" ]; then
	update-rc.d apparmor start 37 S . >/dev/null
	invoke-rc.d apparmor start || true
fi
# End automatically added section


# Now that AppArmor is started, attempt to reload profiles in the
# case of upgrades (since dh_installinit has been forced not to unload
# the profiles in the case of an upgrade).
case "$1" in
    configure)
        if [ -x "/etc/init.d/apparmor" ]; then
            if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
                invoke-rc.d apparmor reload || true
            else
                /etc/init.d/apparmor reload || true
            fi
        fi
        ;;
esac

exit 0