#!/bin/bash
# postinst script for #PACKAGE#
#
# see: dh_installdeb(1)

# Abort on the first failing command. This covers only the generated prologue:
# the embedded pkg.postinst further down switches it off again with `set +e`.
set -e

# Begin vars.sh
#!/bin/bash
# DO NOT EDIT
# This file is regenerated each run.
# If you want to add or change a variable, edit debify/settings.json and the vars hashref

# `source` executes /etc/os-release as shell code in this process, so its
# contents are trusted implicitly; it supplies NAME and VERSION_ID used below.
source /etc/os-release
export OBS_REPO="x${NAME}_${VERSION_ID}"
# Replaces the literal ${env:OBS_REPO} placeholder in debian/*.install with the
# value exported above, editing the files in place.
# NOTE(review): this looks like a build-time step carried into the install-time
# script. The glob is relative to the current working directory, so it only
# fires (and rewrites files) when the script is started from a directory that
# holds debian/*.install — confirm in the generator whether it belongs here.
if ls debian/*.install &> /dev/null; then
    perl -pi -e 's/\${env:OBS_REPO}/$ENV{OBS_REPO}/' debian/*.install
fi

# Generated variable table. Every entry is exported, so each value is also
# visible in the environment of all child processes this script starts later
# (perl, modsec_vendor, httpd).
#
# Paths below /usr/src/packages/BUILD.
# NOTE(review): these read as build-tree locations; confirm they are meant to
# be exported at install time as well.
export DEB_INSTALL_ROOT="/usr/src/packages/BUILD/debian/tmp"
export DEB_SOURCE_ROOT="/usr/src/packages/BUILD/debian/SOURCES_FROM_SPEC"
export RPM_SOURCE_DIR="/usr/src/packages/BUILD/debian/SOURCES_FROM_SPEC"
export __isa_bits="64"
export __isa_name="x86"
export __sourcedir=""
# RPM-style directory variables, all rooted at /opt/cpanel//root.
# NOTE(review): the doubled slash presumably comes from an empty SCL name being
# joined into the path (scl is "" below) — verify in the generator.
export _bindir="/opt/cpanel//root/usr/bin"
export _datadir="/opt/cpanel//root/usr/share"
export _defaultdocdir="/opt/cpanel//root/usr/share/doc"
export _docdir="/opt/cpanel//root/usr/share/doc"
export _exec_prefix="/opt/cpanel//root/usr"
export _includedir="/opt/cpanel//root/usr/include"
export _infodir="/opt/cpanel//root/usr/share/info"
export _isa=""
export _lib="lib64"
export _libdir="/opt/cpanel//root/usr/lib64"
export _libexecdir="/opt/cpanel//root/usr/libexec"
# _localstatedir is read by the embedded pkg.postinst to locate the
# rpm-state/.../had_old marker file.
export _localstatedir="/opt/cpanel//root/var"
export _mandir="/opt/cpanel//root/usr/share/man"
export _prefix="/opt/cpanel//root/usr"
export _root_bindir="/opt/cpanel//root/usr/bin"
export _root_datadir="/opt/cpanel//root/usr/share"
export _root_exec_prefix="/opt/cpanel//root/usr"
export _root_includedir="/opt/cpanel//root/usr/include"
export _root_infodir="/opt/cpanel//root/usr/share/info"
export _root_initddir="/opt/cpanel//root/etc/rc.d/init.d"
export _root_libdir="/opt/cpanel//root/usr/lib64"
export _root_libexecdir="/opt/cpanel//root/usr/libexec"
export _root_localstatedir="/opt/cpanel//root/var"
export _root_mandir="/opt/cpanel//root/usr/share/man"
export _root_prefix="/opt/cpanel//root/usr"
export _root_sbindir="/opt/cpanel//root/usr/sbin"
export _root_sharedstatedir="/opt/cpanel//root/usr/com"
export _root_sysconfdir="/opt/cpanel//root/etc"
export _sbindir="/opt/cpanel//root/usr/sbin"
export _scl_prefix="/opt/cpanel"
export _scl_root="/opt/cpanel//root"
export _sysconfdir="/opt/cpanel//root/etc"
export _unitdir="/usr/lib/systemd/system"
export buildroot="/usr/src/packages/BUILD"
# Package identity. The embedded pkg.postinst uses name, version and release
# when it looks up new rule sets and when it writes to the cPanel error log.
export full_package_name="ea-modsec2-rules-owasp-crs-3.3.5"
export ix86="i386"
export name="ea-modsec2-rules-owasp-crs"
export nil="0"
export ns_name="ea"
export pkg=""
export pkg_name=""
export pkgname=""
export previous_version="3.3.4"
export release="1"
export release_prefix="1"
export scl=""
export scl_name=""
export scl_name_base=""
export scl_name_version=""
export scl_prefix=""
export version="3.3.5"
export version_with_debian_revision="3.3.5-1"
# Source files, resolved against DEB_SOURCE_ROOT (which must already be set,
# so these lines have to stay after its export).
export SOURCE1="$DEB_SOURCE_ROOT/new_includes.yaml"
export SOURCE2="$DEB_SOURCE_ROOT/meta_OWASP3.yaml"
export SOURCE3="$DEB_SOURCE_ROOT/pkg.prerm"
export SOURCE4="$DEB_SOURCE_ROOT/pkg.postinst"
export SOURCE5="$DEB_SOURCE_ROOT/pkg.preinst"
# End vars.sh

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see https://www.debian.org/doc/debian-policy/ or
# the debian-policy package


# Gate on the maintainer-script action passed as $1. The four known actions
# fall through to the rest of the script; anything else is reported on stderr
# and fails the script with status 1.
case "$1" in
    configure | abort-upgrade | abort-remove | abort-deconfigure)
        # Known action: nothing to do at this point.
        ;;
    *)
        printf '%s\n' "postinst called with unknown argument \`$1'" >&2
        exit 1
        ;;
esac

# Contents of SOURCES/pkg.postinst
#!/bin/bash

# The original author deliberately turns errexit off here ("we depend on this
# behavior"). From this line on a failing command no longer aborts the script,
# and the script ends with `exit 0`, so a failed vendor enable or config
# rebuild below does not fail the package installation. Check the install
# output if the OWASP3 rules do not appear active afterwards.
set +e

PERL=/usr/local/cpanel/3rdparty/bin/perl
# Without the cPanel perl (e.g. while the package is being built) none of the
# steps below can run, so leave successfully.
if [ ! -x "$PERL" ]; then
    exit 0
fi
# Kept from the original: emits one empty line when perl is available.
echo ""

# Fallback for the case where this fragment is included in the RPM spec file,
# where the `${...}` shell variables are not available: if _localstatedir is
# empty, fill in the spec macro placeholders instead. In this generated Debian
# script the vars.sh block above exports a non-empty _localstatedir, so the
# branch is not taken.
if [ -z "${_localstatedir}" ]; then
    release="%{release}"
    version="%{version}"
    name="%{name}"
    _localstatedir="%{_localstatedir}"
fi

# Record in installed_from.yaml that the OWASP3 vendor is provided by the
# ea-modsec2-rules-owasp-crs distribution (its url field is set to a note that
# delivery is via the package, not a download).
/usr/local/cpanel/3rdparty/bin/perl -MCpanel::CachedDataStore -e \
  'my $hr=Cpanel::CachedDataStore::loaddatastore($ARGV[0]);$hr->{data}{OWASP3} = { distribution => "ea-modsec2-rules-owasp-crs", url => "N/A, it is done via PKG"};Cpanel::CachedDataStore::savedatastore($ARGV[0], { data => $hr->{data} })' \
  /var/cpanel/modsec_vendors/installed_from.yaml

# UPDATES_DISABLED stays 0 unless an existing install had vendor updates off.
# The had_old marker is presumably written by the preinst when an older OWASP3
# vendor was already present — verify against pkg.preinst.
UPDATES_DISABLED=0
if [ -f "${_localstatedir}/lib/rpm-state/ea-modsec2-rules-owasp-crs/had_old" ]; then
    PERL=/usr/local/cpanel/3rdparty/bin/perl

    # The one-liner exits 0 when vendor_updates in the datastore has an OWASP3
    # key and 1 when it does not.
    # NOTE(review): any non-zero status takes this branch, so a datastore that
    # is missing or fails to parse is treated the same as "updates disabled".
    if ! $PERL -MYAML::Syck -E 'my $h=YAML::Syck::LoadFile($ARGV[0]);exit(exists $h->{vendor_updates}{$ARGV[1]} ? 0 : 1);' /var/cpanel/modsec_cpanel_conf_datastore OWASP3; then
        UPDATES_DISABLED=1
        # Per the original author: this adds the exclude to the package
        # manager's configuration file if it is missing.
        /usr/local/cpanel/scripts/modsec_vendor disable-updates OWASP3
    fi
else
    # No marker: treat as a fresh install and switch the vendor and its
    # updates on.
    /usr/local/cpanel/scripts/modsec_vendor enable OWASP3
    /usr/local/cpanel/scripts/modsec_vendor enable-updates OWASP3
fi

# DID_DEFAULTS becomes 1 only when this run enables the default OWASP3 configs:
# the action is "configure" (or "1", presumably the RPM scriptlet argument —
# confirm against the spec), there is no had_old marker, and the datastore has
# no line containing "  modsec_vendor_configs/OWASP3/".
# NOTE(review): grep also returns non-zero when the datastore file is missing
# or unreadable, which takes the same enable-configs path.
DID_DEFAULTS=0
case "$1" in
    configure | 1)
        # grep sits inside the condition so that its "no match" status is
        # consumed here (the original notes that Ubuntu's dpkg objects to a
        # result of 1).
        if [ ! -f "${_localstatedir}/lib/rpm-state/ea-modsec2-rules-owasp-crs/had_old" ] &&
            ! grep --silent '  modsec_vendor_configs/OWASP3/' /var/cpanel/modsec_cpanel_conf_datastore; then
            DID_DEFAULTS=1
            /usr/local/cpanel/scripts/modsec_vendor enable-configs OWASP3
        fi
        ;;
esac

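#######################################
# Decide whether a rule file name is safe to splice into an Apache
# `Include '...'` directive and into a path below the OWASP3 rules directory.
# Arguments: $1 - rule file name as listed in new_includes.yaml
# Returns:   0 when the name is non-empty, consists only of alphanumerics,
#            '.', '_', '-' and '/', and contains no '..' sequence; 1 otherwise
#######################################
_owasp3_rule_name_ok() {
    case "$1" in
        '' | *..* | *[![:alnum:]._/-]*) return 1 ;;
    esac
    return 0
}

# Activate rule sets that are new in this version. Skipped when this run just
# enabled the default configs or when vendor updates are disabled.
# Two separate tests joined by && replace the deprecated, ambiguous `-a`.
if [ "$DID_DEFAULTS" -eq 0 ] && [ "$UPDATES_DISABLED" -eq 0 ]; then
    echo "Checking new rules"
    ADDED_NEW_RULE=0
    NEWRULES_PATH=/opt/cpanel/ea-modsec2-rules-owasp-crs/new_includes.yaml
    NEWRULES_REL=/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules
    CONFIG_REL=modsec_vendor_configs/OWASP3/rules
    PERL=/usr/local/cpanel/3rdparty/bin/perl

    # The producer prints one rule name per line for the key ${version}.
    # Reading line by line on fd 3 avoids the word splitting and glob
    # expansion of an unquoted $(...) list, and keeps stdin untouched for the
    # commands inside the loop.
    while IFS= read -r RULE <&3; do
        [ -n "$RULE" ] || continue

        # The name ends up inside a quoted Include directive and a file path,
        # so anything outside the expected character set is refused rather
        # than passed on to httpd or written to the datastore.
        if ! _owasp3_rule_name_ok "$RULE"; then
            # NOTE(review): if this fragment is also expanded inside an RPM
            # spec, confirm the printf conversions survive macro expansion.
            printf 'Skipping new rule set with unexpected name: %q\n' "$RULE" >&2
            continue
        fi

        # Exit status 1 from the one-liner means "not active yet"; any other
        # status (already active, or perl failed) leaves the rule untouched.
        "$PERL" -MYAML::Syck -e 'my $h=YAML::Syck::LoadFile($ARGV[0]);exit( $h->{active_configs}{$ARGV[1]} ? 0 : 1)' /var/cpanel/modsec_cpanel_conf_datastore "$CONFIG_REL/$RULE"
        [ "$?" -eq 1 ] || continue

        # Activate the rule only if Apache's configuration test passes with
        # the new file included.
        if SYNTAX_CHECK=$(/usr/sbin/httpd -DSSL -e error -t -f /etc/apache2/conf/httpd.conf -C "Include '$NEWRULES_REL/$RULE'" 2>&1); then
            ADDED_NEW_RULE=1
            echo "Adding new rule set: $RULE"
            # NOTE(review): the datastore is loaded, changed and dumped back
            # in place with no locking visible here; confirm nothing else
            # edits it while packages are being configured.
            "$PERL" -MYAML::Syck -e 'my $h=YAML::Syck::LoadFile($ARGV[0]);$h->{active_configs}{$ARGV[1]} = 1;YAML::Syck::DumpFile($ARGV[0], $h)' /var/cpanel/modsec_cpanel_conf_datastore "$CONFIG_REL/$RULE"
        else
            # httpd's output is passed as printf data, never as the format, so
            # backslashes and glob characters in it are shown and logged as-is
            # and its line breaks are preserved.
            printf 'New rule set (%s) could not be added due to this error:\n%s\n\n' \
                "$RULE" "$SYNTAX_CHECK"
            printf '[%s v%s-%s]\nNew rule set (%s) could not be added due to this error:\n%s\n[/%s]\n\n' \
                "${name}" "${version}" "${release}" "$RULE" "$SYNTAX_CHECK" "${name}" \
                >> /usr/local/cpanel/logs/error_log
        fi
    done 3< <("$PERL" -MYAML::Syck -e 'my $h=YAML::Syck::LoadFile($ARGV[0]);if (exists $h->{$ARGV[1]}) { print "$_\n" for @{ $h->{$ARGV[1]} } }' "$NEWRULES_PATH" "${version}")

    if [ "$ADDED_NEW_RULE" -eq 1 ]; then
        echo "Rebuilding /etc/apache2/conf.d/modsec/modsec2.cpanel.conf with new rules"
        "$PERL" -MWhostmgr::ModSecurity::ModsecCpanelConf -e 'Whostmgr::ModSecurity::ModsecCpanelConf->new->manipulate(sub {})'
    fi
fi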

# Marker line in the install output; the string is emitted exactly as before.
echo "POSTRANS"

# Final, unconditional run of the same ModsecCpanelConf call that the new-rules
# step announces as rebuilding modsec2.cpanel.conf. errexit is off, so a
# failure here is not reflected in the script's exit status.
PERL=/usr/local/cpanel/3rdparty/bin/perl
"$PERL" -MWhostmgr::ModSecurity::ModsecCpanelConf \
    -e 'Whostmgr::ModSecurity::ModsecCpanelConf->new->manipulate(sub {})'
# End SOURCES/pkg.postinst


# Always report success to the package manager, whatever happened above.
exit 0
