#!/bin/sh -e

set -e

if [ "$1" = configure ]; then
    # Create the loki_ group (shared with lokid)
    if ! getent group _loki >/dev/null; then
        addgroup --force-badname --system --quiet _loki
    fi

    # Create _lokinet user if it doesn't exist
    if ! getent passwd _lokinet >/dev/null; then
        adduser --force-badname --system --quiet --home /var/lib/lokinet --ingroup _loki --gecos "Lokinet system user" _lokinet
    fi

    # Make sure the _lokinet user is part of the _loki group (in case it already existed)
    if ! id -Gn _lokinet | grep -qw _loki; then
        adduser --force-badname --quiet _lokinet _loki
    fi

    # Before 0.6.2-3 the deb's setcap'ed the binary and used restrictive permissions and ownership
    # to protect invocation; from 0.6.2-3 onwards we do the capabilities via the systemd service
    # file, so if we are upgrading from an older version remove the stat override.  (Otherwise do
    # nothing in case the local admin does a statoverride).
    if dpkg --compare-versions "$2" lt '0.6.2-3~'; then
        if dpkg-statoverride --list /usr/bin/lokinet >/dev/null 2>&1; then
            dpkg-statoverride --remove /usr/bin/lokinet
            chown root:root /usr/bin/lokinet
            chmod 755 /usr/bin/lokinet
        fi
    fi
fi

#DEBHELPER#

# Also restart the lokinet-routers.target (from oxen-multi-sn) on upgrade if it is active
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
    if [ -n "$2" ] && [ -d /run/systemd/system ]; then
        systemctl --system daemon-reload >/dev/null || true
        if systemctl --quiet is-active lokinet-routers.target; then
            deb-systemd-invoke restart lokinet-routers.target >/dev/null || true
        fi
    fi
fi