#!/bin/sh

# Sudoers
#--------

/usr/sbin/addsudo /bin/cat app-base-core
/usr/sbin/addsudo /bin/chmod app-base-core
/usr/sbin/addsudo /bin/chown app-base-core
/usr/sbin/addsudo /bin/cp app-base-core
/usr/sbin/addsudo /bin/df app-base-core
/usr/sbin/addsudo /bin/grep app-base-core
/usr/sbin/addsudo /bin/kill app-base-core
/usr/sbin/addsudo /bin/ls app-base-core
/usr/sbin/addsudo /bin/mkdir app-base-core
/usr/sbin/addsudo /bin/mv app-base-core
/usr/sbin/addsudo /bin/rpm app-base-core
/usr/sbin/addsudo /bin/rm app-base-core
/usr/sbin/addsudo /bin/rmdir app-base-core
/usr/sbin/addsudo /bin/touch app-base-core
/usr/sbin/addsudo /sbin/shutdown app-base-core
/usr/sbin/addsudo /sbin/service app-base-core
/usr/sbin/addsudo /usr/bin/api app-base-core
/usr/sbin/addsudo /usr/bin/file app-base-core
/usr/sbin/addsudo /usr/bin/find app-base-core
/usr/sbin/addsudo /usr/bin/tail app-base-core
/usr/sbin/addsudo /usr/bin/chfn app-base-core
/usr/sbin/addsudo /usr/bin/du app-base-core
/usr/sbin/addsudo /usr/bin/passwd app-base-core
/usr/sbin/addsudo /usr/bin/systemctl app-base-core
/usr/sbin/addsudo /usr/sbin/app-passwd app-base-core
/usr/sbin/addsudo /usr/sbin/app-realpath app-base-core
/usr/sbin/addsudo /usr/sbin/app-rename app-base-core
/usr/sbin/addsudo /usr/sbin/app-manager app-base-core
/usr/sbin/addsudo /usr/sbin/userdel app-base-core
/usr/sbin/addsudo /usr/bin/yum app-base-core
/usr/sbin/addsudo /usr/bin/yum-config-manager app-base-core
/usr/sbin/addsudo /usr/sbin/yum-install app-base-core
/usr/sbin/addsudo /usr/clearos/sandbox/usr/sbin/httpd app-base-core

# Initialize storage
#-------------------

/usr/sbin/storage

# Import keys
GPG_KEYS="\
RPM-GPG-KEY-CentOS-7 \
RPM-GPG-KEY-CentOS-Debug-7 \
RPM-GPG-KEY-CentOS-Testing-7 \
RPM-GPG-KEY-ClearOS-7 \
RPM-GPG-KEY-ClearOS-Debug-7 \
RPM-GPG-KEY-ClearOS-Testing-7 \
RPM-GPG-KEY-EPEL-7 \
RPM-GPG-KEY-zfsonlinux \
"

for GPG_KEY in $GPG_KEYS; do
    rpm --import /etc/pki/rpm-gpg/$GPG_KEY >/dev/null 2>&1
done

# TODO: move this to clearsync
LINE=`grep "^Cmnd_Alias CLEARSYNC" /etc/sudoers 2>/dev/null`
CHECK=`echo $LINE, | grep /usr/sbin/syncaction,`
if [ -z "$CHECK" ]; then
    ESCAPE=`echo /usr/sbin/syncaction | sed 's/\//\\\\\//g'`
    sed -i -e "s/Cmnd_Alias CLEARSYNC.*=/Cmnd_Alias CLEARSYNC = $ESCAPE,/i" /etc/sudoers
    sed -i -e "s/[[:space:]]*,[[:space:]]*$//i" /etc/sudoers
    chmod 440 /etc/sudoers
fi

# Disable firewalld if it exists
#-------------------------------

if ( [ -e /usr/sbin/firewalld ] && [ ! -e /var/clearos/base/firewalld_disabled ] ); then
    logger -p local6.notice -t installer "app-base-core - disabling firewalld"
    chkconfig firewalld off >/dev/null 2>&1
    touch /var/clearos/base/firewalld_disabled
fi

# Bah.  Selinux policy is stomped on by anaconda
#-----------------------------------------------

if ( [ -d /etc/selinux ] && [ -e /var/clearos/base/wizard ] ); then
    CHECK=`grep ^SELINUX= /etc/selinux/config 2>/dev/null | sed 's/.*=//'`
    if [ -z "$CHECK" ]; then
        logger -p local6.notice -t installer "app-base-core - disabling SELinux with new configuration"
        echo "SELINUX=disabled" >> /etc/selinux/config
    elif [ "$CHECK" != "disabled" ]; then
        logger -p local6.notice -t installer "app-base-core - disabling SELinux"
        sed -i -e 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
    fi
fi

# Grub menu changes
#------------------

if [ -e /etc/default/grub ]; then
    CHECK=`grep "^GRUB_DISTRIBUTOR=" /etc/default/grub`
    if [ -z "$CHECK" ]; then
        logger -p local6.notice -t installer "app-base-core - adding grub distributor"
        echo "GRUB_DISTRIBUTOR=\"ClearOS\"" >> /etc/default/grub
        /usr/sbin/grub2-mkconfig --output=/boot/grub2/grub.cfg >/dev/null 2>&1
    else
        CHECK=`grep "^GRUB_DISTRIBUTOR=.*ClearOS" /etc/default/grub`
        if [ -z "$CHECK" ]; then
            logger -p local6.notice -t installer "app-base-core - updating grub distributor"
            sed -i -e 's/^GRUB_DISTRIBUTOR.*/GRUB_DISTRIBUTOR="ClearOS"/' /etc/default/grub
            /usr/sbin/grub2-mkconfig --output=/boot/grub2/grub.cfg >/dev/null 2>&1
        fi
    fi
fi

# TODO: temporary workaround for nfnetlink
#-----------------------------------------

if [ -e /etc/modprobe.d/app-base.conf ]; then
    rm -f /etc/modprobe.d/app-base.conf
fi

if [ ! -e /etc/modprobe.d/clearos.conf ]; then
    echo "blacklist nfnetlink" > /etc/modprobe.d/clearos.conf
    echo "blacklist nfnetlink_queue" >> /etc/modprobe.d/clearos.conf
    echo "blacklist nfnetlink_log" >> /etc/modprobe.d/clearos.conf
    echo "blacklist nf_conntrack_netlink" >> /etc/modprobe.d/clearos.conf
    /sbin/rmmod nfnetlink nfnetlink_log nfnetlink_queue nf_conntrack_netlink >/dev/null 2>&1
fi

# Upgrade clearos.repo file to new structure
#-------------------------------------------

CHECK=`grep "^\[clearos-infra" /etc/yum.repos.d/clearos.repo.rpmnew 2>/dev/null`

CHECK_PLAGUE2KOJI=`grep "^\[clearos-addons" /etc/yum.repos.d/clearos.repo 2>/dev/null`
CHECK_TESTING2FINAL=`grep "clearos-testing-.*testing" /etc/yum.repos.d/clearos.repo 2>/dev/null`

if ( [ -n "$CHECK_PLAGUE2KOJI" ] && [ -n "$CHECK" ] ); then
    logger -p local6.notice -t installer "app-base-core - upgrading old plague-based yum repo definition"
    mv /etc/yum.repos.d/clearos.repo /etc/yum.repos.d/clearos.repo.old
    cp /etc/yum.repos.d/clearos.repo.rpmnew /etc/yum.repos.d/clearos.repo
elif ( [ -n "$CHECK_TESTING2FINAL" ] && [ -n "$CHECK" ] ); then
    logger -p local6.notice -t installer "app-base-core - upgrading yum repo configuration pointing to testing"
    mv /etc/yum.repos.d/clearos.repo /etc/yum.repos.d/clearos.repo.old
    cp /etc/yum.repos.d/clearos.repo.rpmnew /etc/yum.repos.d/clearos.repo
fi

# Changes to yum exclude policies
#--------------------------------

PACKAGES="grub2- mokutil- shim-0"
REPO_FILES="clearos-centos.repo centos-unverified.repo"
REPO_DIR="/etc/yum.repos.d"

for REPO_FILE in $REPO_FILES; do
    if [ -e "$REPO_DIR/$REPO_FILE" ]; then
        for PACKAGE in $PACKAGES; do
            CHECK=`grep ^exclude=.*$PACKAGE $REPO_DIR/$REPO_FILE`
            if [ -z "$CHECK" ]; then
                logger -p local6.notice -t installer "app-base-core - adding the following to yum exclude: $REPO_FILE / $PACKAGE*"
                sed -i -e "s/^exclude=/exclude=$PACKAGE* /" $REPO_DIR/$REPO_FILE
            fi
        done
    fi
done

EXCLUDES="yum-cron-3 yum-3"
REPO_FILES="clearos-centos.repo centos-unverified.repo"

for REPO_FILE in $REPO_FILES; do
    if [ -e "$REPO_DIR/$REPO_FILE" ]; then
        for PACKAGE in $EXCLUDES; do
            CHECK=`grep "^exclude=.*$PACKAGE " $REPO_DIR/$REPO_FILE`
            if [ -z "$CHECK" ]; then
                logger -p local6.notice -t installer "app-base-core - removing the following from yum exclude: $REPO_FILE / $PACKAGE*"
                sed -i -e "s/$PACKAGE\* //" $REPO_DIR/$REPO_FILE
            fi
        done
    fi
done

# Force a webconfig change event for tracker #5521
#-------------------------------------------------

if [ ! -e /var/clearos/base/webconfig_restart5521 ]; then
    # Restarts webconfig asynchronously
    touch /var/clearos/base/webconfig_restart
    # Flag to make sure it happens once
    touch /var/clearos/base/webconfig_restart5521
fi

# Handle upgrade for #7061 and #7071
#-----------------------------------
# Note: --noplugins required to get around tracker #6851

IS_COMMUNITY_UPGRADE=`grep Community /etc/product 2>/dev/null`
if [ -n "$IS_COMMUNITY_UPGRADE" ]; then
    /usr/bin/yum-config-manager --noplugins --enable clearos-centos >/dev/null 2>&1
    /usr/bin/yum-config-manager --noplugins --enable clearos-centos-updates >/dev/null 2>&1
fi

CHECK_NEW=`grep "download1.clearsdn.com" /etc/yum.repos.d/clearos-epel.repo.rpmnew 2>/dev/null`
CHECK_LEGACY=`grep "download.fedoraproject.org" /etc/yum.repos.d/clearos-epel.repo 2>/dev/null`
if ( [ -n "$CHECK_LEGACY" ] && [ -n "$CHECK_NEW" ] ); then
    logger -p local6.notice -t installer "app-base-core - upgrading old EPEL yum repo definition"
    mv /etc/yum.repos.d/clearos-epel.repo /etc/yum.repos.d/clearos-epel.repo.old
    cp /etc/yum.repos.d/clearos-epel.repo.rpmnew /etc/yum.repos.d/clearos-epel.repo
fi

# Upgrade centos-clearos
#-----------------------

CHECK=`grep '\/.releasever' /etc/yum.repos.d/clearos-centos.repo 2>/dev/null`
if [ -n "$CHECK" ]; then
    logger -p local6.notice -t installer "app-base-core - updating upstream to 7.3.1611"
    sed -i -e 's/\/.releasever/\/7.3.1611/' /etc/yum.repos.d/clearos-centos.repo 
fi

# FIXME: remove in 7.3
# disable kdump
#----------------------

chkconfig kdump off >/dev/null 2>&1

# Clean up symlinks from old init scripts
#----------------------------------------

if [ ! -e /var/clearos/base/symlink_cleanup ]; then
    logger -p local6.notice -t installer "app-base-core - cleaning up broken symlinks from SysV"
    find -L /etc/rc.d -type l -exec rm -f '{}' \;
    touch /var/clearos/base/symlink_cleanup
fi

# Testing mode
#-------------

# TODO: beta period only
# Note: --noplugins required to get around tracker #6851
# /usr/bin/yum-config-manager --noplugins --enable clearos-qa >/dev/null 2>&1
# /usr/bin/yum-config-manager --noplugins --enable clearos-epel >/dev/null 2>&1
# /usr/bin/yum-config-manager --noplugins --enable clearos-updates >/dev/null 2>&1
# /usr/bin/yum-config-manager --noplugins --enable clearos-centos >/dev/null 2>&1
# /usr/bin/yum-config-manager --noplugins --enable clearos-centos-updates >/dev/null 2>&1

exit 0
