#!/bin/sh

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package

# $1 = version of the package being upgraded.
install() {
    if [ -f /etc/default/epoptes ]; then
        . /etc/default/epoptes || true
    fi
    SOCKET_GROUP=${SOCKET_GROUP:-epoptes}
    if ! getent group "$SOCKET_GROUP" >/dev/null; then
        addgroup --system "$SOCKET_GROUP"
    fi

    if ! [ -f /etc/epoptes/server.key ] || ! [ -f /etc/epoptes/server.crt ]
    then
        openssl req -batch -x509 -nodes -newkey rsa:1024 -days 3652 \
        -subj '/C=AU/ST=Some-State/L=/O=Internet Widgits Pty lTD/OU=/CN=server' \
	-keyout /etc/epoptes/server.key	-out /etc/epoptes/server.crt
        chmod 600 /etc/epoptes/server.key
        echo '
A new OpenSSL certificate has been generated for epoptes.
Please ensure that you transfer /etc/epoptes/server.crt
to your clients by issuing `epoptes-client -c` from your
regular workstations or from your LTSP chroots.' >&2
    fi
}

case "$1" in
    configure)
        install "$2"
        ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
        ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0