#!/bin/sh

# Sudoers
#--------

/usr/sbin/addsudo /bin/cat app-base-core
/usr/sbin/addsudo /bin/chmod app-base-core
/usr/sbin/addsudo /bin/chown app-base-core
/usr/sbin/addsudo /bin/cp app-base-core
/usr/sbin/addsudo /bin/df app-base-core
/usr/sbin/addsudo /bin/grep app-base-core
/usr/sbin/addsudo /bin/kill app-base-core
/usr/sbin/addsudo /bin/ls app-base-core
/usr/sbin/addsudo /bin/mkdir app-base-core
/usr/sbin/addsudo /bin/mv app-base-core
/usr/sbin/addsudo /bin/rpm app-base-core
/usr/sbin/addsudo /bin/rm app-base-core
/usr/sbin/addsudo /bin/rmdir app-base-core
/usr/sbin/addsudo /bin/touch app-base-core
/usr/sbin/addsudo /sbin/chkconfig app-base-core
/usr/sbin/addsudo /sbin/shutdown app-base-core
/usr/sbin/addsudo /sbin/service app-base-core
/usr/sbin/addsudo /usr/bin/api app-base-core
/usr/sbin/addsudo /usr/bin/file app-base-core
/usr/sbin/addsudo /usr/bin/find app-base-core
/usr/sbin/addsudo /usr/bin/tail app-base-core
/usr/sbin/addsudo /usr/bin/chfn app-base-core
/usr/sbin/addsudo /usr/bin/du app-base-core
/usr/sbin/addsudo /usr/bin/passwd app-base-core
/usr/sbin/addsudo /usr/bin/systemctl app-base-core
/usr/sbin/addsudo /usr/sbin/app-passwd app-base-core
/usr/sbin/addsudo /usr/sbin/app-realpath app-base-core
/usr/sbin/addsudo /usr/sbin/app-rename app-base-core
/usr/sbin/addsudo /usr/sbin/userdel app-base-core
/usr/sbin/addsudo /usr/bin/yum app-base-core
/usr/sbin/addsudo /usr/bin/yum-config-manager app-base-core
/usr/sbin/addsudo /usr/sbin/yum-install app-base-core

# Import keys
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-ClearOS >/dev/null 2>&1
rpm --import /etc/pki/rpm-gpg/CLEAROS-RPM-GPG-KEY-CentOS-6 >/dev/null 2>&1
rpm --import /etc/pki/rpm-gpg/CLEAROS-RPM-GPG-KEY-EPEL-6 >/dev/null 2>&1
rpm --import /etc/pki/rpm-gpg/CLEAROS-RPM-GPG-KEY-EPEL-7 >/dev/null 2>&1
rpm --import /etc/pki/rpm-gpg/CLEAROS-RPM-GPG-KEY-atrpms >/dev/null 2>&1
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-SCLo >/dev/null 2>&1
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 >/dev/null 2>&1
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Debug-7 >/dev/null 2>&1
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Security-7 >/dev/null 2>&1
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-Testing-7 >/dev/null 2>&1

# TODO: move this to clearsync
LINE=`grep "^Cmnd_Alias CLEARSYNC" /etc/sudoers 2>/dev/null`
CHECK=`echo $LINE, | grep /usr/sbin/syncaction,`
if [ -z "$CHECK" ]; then
    ESCAPE=`echo /usr/sbin/syncaction | sed 's/\//\\\\\//g'`
    sed -i -e "s/Cmnd_Alias CLEARSYNC.*=/Cmnd_Alias CLEARSYNC = $ESCAPE,/i" /etc/sudoers
    sed -i -e "s/[[:space:]]*,[[:space:]]*$//i" /etc/sudoers
    chmod 440 /etc/sudoers
fi

# Wah?  Selinux policy is stomped on by anaconda
#-----------------------------------------------

if ( [ -d /etc/selinux ] && [ -e /var/clearos/base/wizard ] ); then
    CHECK=`grep ^SELINUX= /etc/selinux/config 2>/dev/null | sed 's/.*=//'`
    if [ -z "$CHECK" ]; then
        logger -p local6.notice -t installer "app-base-core - disabling SELinux with new configuration"
        echo "SELINUX=disabled" >> /etc/selinux/config
    elif [ "$CHECK" != "disabled" ]; then
        logger -p local6.notice -t installer "app-base-core - disabling SELinux"
        sed -i -e 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
    fi
fi

# Changes to yum exclude policies
#--------------------------------

PACKAGES="kmod-"
REPO_FILES="clearos-centos.repo centos-unverified.repo"
REPO_DIR="/etc/yum.repos.d"

for REPO_FILE in $REPO_FILES; do
    if [ -e "$REPO_DIR/$REPO_FILE" ]; then
        for PACKAGE in $PACKAGES; do
            CHECK=`grep ^exclude=.*$PACKAGE $REPO_DIR/$REPO_FILE`
            if [ -z "$CHECK" ]; then
                logger -p local6.notice -t installer "app-base-core - adding the following to yum $REPO_FILE: $PACKAGE*"
                sed -i -e "s/^exclude=/exclude=$PACKAGE* /" $REPO_DIR/$REPO_FILE
            fi
        done
    fi
done

# Remove some upstream yum.conf defaults that cause trouble
#----------------------------------------------------------

CHECK=$(grep ^distroverpkg= /etc/yum.conf 2>/dev/null)
if ( [ -x /bin/grep ] &&  [ -n "$CHECK" ] ); then
    sed -i -e '/^distroverpkg=.*/d' /etc/yum.conf
fi

# Update repos
#-------------

CURRENT_VERSION="6.9"
CURRENT_VERSION_ESC="6\.9"

CHECK=`grep '$releasever' /etc/yum.repos.d/clearos-centos.repo 2>/dev/null`
if [ -n "$CHECK" ]; then
    logger -p local6.notice -t installer "app-base-core - updating clearos-centos releasever"
    sed -i -e "s/\$releasever/$CURRENT_VERSION/" /etc/yum.repos.d/clearos-centos.repo
    sed -i -e "s/name=CentOS-7/name=CentOS-$CURENT_VERSION/" /etc/yum.repos.d/clearos-centos.repo
fi

CHECK=`grep "$CURRENT_VERSION_ESC" /etc/yum.repos.d/clearos-centos.repo 2>/dev/null`
if [ -z "$CHECK" ]; then
    logger -p local6.notice -t installer "app-base-core - updating clearos-centos version"
    sed -i -e "s/6\.[0-8]/$CURRENT_VERSION/" /etc/yum.repos.d/clearos-centos.repo
fi

CHECK=`grep '$releasever' /etc/yum.repos.d/clearos-fast-updates.repo 2>/dev/null`
if [ -n "$CHECK" ]; then
    logger -p local6.notice -t installer "app-base-core - updating clearos-fast-updates releasever"
    sed -i -e "s/$releasever/$CURRENT_VERSION/" /etc/yum.repos.d/clearos-fast-updates.repo
fi

CHECK=`grep "$CURRENT_VERSION_ESC" /etc/yum.repos.d/clearos-fast-updates.repo 2>/dev/null`
if [ -z "$CHECK" ]; then
    logger -p local6.notice -t installer "app-base-core - updating clearos-fast-updates version"
    sed -i -e "s/6\.[0-8]/$CURRENT_VERSION/" /etc/yum.repos.d/clearos-fast-updates.repo
fi

# TODO: temporary workaround for nfnetlink
#-----------------------------------------

if [ -e /etc/modprobe.d/app-base.conf ]; then
    rm -f /etc/modprobe.d/app-base.conf
fi

if [ ! -e /etc/modprobe.d/clearos.conf ]; then
    echo "blacklist nfnetlink" > /etc/modprobe.d/clearos.conf
    echo "blacklist nfnetlink_queue" >> /etc/modprobe.d/clearos.conf
    echo "blacklist nfnetlink_log" >> /etc/modprobe.d/clearos.conf
    echo "blacklist nf_conntrack_netlink" >> /etc/modprobe.d/clearos.conf
    /sbin/rmmod nfnetlink nfnetlink_log nfnetlink_queue nf_conntrack_netlink >/dev/null 2>&1
fi

# Testing mode
#-------------

# Beta period only
# /usr/bin/yum-config-manager --enable clearos-professional-testing >/dev/null 2>&1
# /usr/bin/yum-config-manager --enable clearos-updates-testing >/dev/null 2>&1
# /usr/bin/yum-config-manager --enable clearos-updates >/dev/null 2>&1

exit 0
