#!/bin/sh

set -e

case "$1" in
  configure)
    [ -f "/etc/default/cacert-goocsp" ] && . /etc/default/cacert-goocsp

    [ -z "$GOOCSP_HOME" ] && GOOCSP_HOME=/var/lib/goocsp
    [ -z "$GOOCSP_USER" ] && GOOCSP_USER=cacert-goocsp
    [ -z "$GOOCSP_NAME" ] && GOOCSP_NAME="CAcert OCSP responder"
    [ -z "$GOOCSP_GROUP" ] && GOOCSP_GROUP=cacert-goocsp

    # create user to avoid running cacert-goocsp as root
    # 1. create group if not existing
    if ! getent group | grep -q "^$GOOCSP_GROUP" ; then
      echo -n "Adding group $GOOCSP_GROUP.."
      addgroup --quiet --system $GOOCSP_GROUP 2>/dev/null || true
      echo "..done"
    fi
    # 2. create homedir if not existing
    test -d "$GOOCSP_HOME" || mkdir "$GOOCSP_HOME"
    # 3. create user if not existing
    if ! getent passwd | grep -q "^$GOOCSP_USER"; then
      echo -n "Adding system user $GOOCSP_USER.."
      adduser --quiet \
              --system \
              --ingroup $GOOCSP_GROUP \
              --no-create-home \
              --disabled-password \
              $GOOCSP_USER 2>/dev/null || true
      echo "..done"
    fi
    # 4. adjust passwd entry
    usermod -c "$GOOCSP_NAME" \
            -d $GOOCSP_HOME \
            -g $GOOCSP_GROUP \
               $GOOCSP_USER || true
    # 5. adjust file and directory permissions
    if ! dpkg-statoverride --list $GOOCSP_HOME >/dev/null
    then
      chown -R $GOOCSP_USER:adm $GOOCSP_HOME
      chmod u=rwx,g=rxs,o= $GOOCSP_HOME
    fi
    ;;
esac