# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

# Ebuild metadata for the opsi configuration service (opsiconfd).
# The PYTHON_* variables are declared ahead of `inherit`, so they are already
# set when the eclasses listed there are sourced.
EAPI="2"
# NOTE(review): presumably restricts the build to Python 2 ABIs (3.* excluded)
# — confirm against the python/distutils eclass actually in use.
PYTHON_DEPEND="2"
SUPPORT_PYTHON_ABIS="1"
RESTRICT_PYTHON_ABIS="3.*"

# Path components of the upstream source RPM; they are only used to build SRC_URI.
RPM_VER="1.1"
OPSI="opsi40"
SUSE="openSUSE_13.2"

inherit distutils eutils rpm

DESCRIPTION="opsi configuration service"
HOMEPAGE="http://opsi.org"
LICENSE="GPL-2"
# NOTE(review): the source RPM is fetched over plain http://, so nothing in
# transit authenticates it. Integrity presumably rests on the Manifest digests
# for this ebuild — confirm they were generated from a trusted copy, and prefer
# an https:// location if upstream offers one.
SRC_URI="http://download.opensuse.org/repositories/home:/uibmz:/opsi:/${OPSI}/${SUSE}/src/${P}-${RPM_VER}.src.rpm"

IUSE=""

KEYWORDS="~amd64 ~arm ~x86"

# Single slot, because tools and python packages overlap between versions.
SLOT="0"

# Runtime dependencies. dev-libs/openssl is needed at install time as well:
# pkg_postinst calls the openssl command line tool to create
# /etc/opsi/opsiconfd.pem when that file does not exist yet.
RDEPEND="dev-python/python-opsi
	dev-python/twisted-web
	dev-python/dbus-python
	sys-process/psmisc
	net-analyzer/rrdtool[python]
	dev-libs/openssl
	sys-process/procps
	net-dns/avahi[python]"
# Build dependencies: everything needed at runtime plus setuptools.
DEPEND="${RDEPEND}
	dev-python/setuptools"


# Install phase: run the distutils install, keep the service's (initially
# empty) log and state directories in the image, and install the init script
# and conf.d file shipped in FILESDIR under the name "opsiconfd".
src_install() {
	local runtime_dir

	distutils_src_install

	# One keepdir call per directory, in the same order as before.
	for runtime_dir in \
		/var/log/opsi/opsiconfd \
		/var/lib/opsiconfd/rrd \
		/var/lib/opsi/config/depots
	do
		keepdir "${runtime_dir}"
	done

	newinitd "${FILESDIR}/opsiconfd.initd" opsiconfd
	newconfd "${FILESDIR}/opsiconfd.confd" opsiconfd
}



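# Post-install phase: make sure the opsi file-admin group, the opsiconfd
# service account and the opsiadmin group exist, create a self-signed TLS
# certificate/key bundle at /etc/opsi/opsiconfd.pem if none is present, and
# fix ownership and permissions of the key file and the log directory.
#
# Globals:  none written (all working variables are local)
# Reads:    /etc/opsi/opsi.conf (optional "fileadmingroup = <name>" entry)
# Writes:   system group/user databases, /etc/opsi/opsiconfd.pem,
#           mode/owner of /var/log/opsi/opsiconfd
pkg_postinst() {
	distutils_pkg_postinst

	local opsi_conf=/etc/opsi/opsi.conf
	local pem=/etc/opsi/opsiconfd.pem
	local fileadmingroup=""
	local extra_group

	# The group name is configurable; fall back to the upstream default when
	# the config file is missing or has no such entry.
	if [[ -r ${opsi_conf} ]]; then
		fileadmingroup=$(grep "fileadmingroup" "${opsi_conf}" | cut -d "=" -f 2 | sed 's/\s*//g')
	fi
	fileadmingroup=${fileadmingroup:-pcpatch}

	# Ensure the file-admin group exists. A differently named group takes over
	# an existing "pcpatch" group by rename; if there is nothing to rename the
	# group is created, so the later useradd/chown never see a missing group.
	if ! getent group "${fileadmingroup}" >/dev/null; then
		if [[ ${fileadmingroup} != pcpatch ]] && getent group pcpatch >/dev/null; then
			groupmod -n "${fileadmingroup}" pcpatch
		else
			groupadd "${fileadmingroup}"
		fi
	fi

	# Use the configured group rather than a hard-coded "pcpatch": after the
	# rename above "pcpatch" no longer exists and useradd would fail.
	# NOTE(review): the service account gets /bin/bash as login shell —
	# confirm that an interactive shell is really required.
	if ! getent passwd opsiconfd >/dev/null; then
		useradd -r -G "${fileadmingroup}" -d /var/lib/opsi -s /bin/bash opsiconfd
	fi

	if ! getent group opsiadmin >/dev/null; then
		groupadd opsiadmin
	fi

	# Best-effort supplementary group membership; failures are ignored on purpose.
	# NOTE(review): "-A" is not an option of every groupmod implementation, and
	# output plus exit status are discarded, so a failed change goes unnoticed —
	# confirm opsiconfd really ends up in these groups, and that membership in
	# "shadow" (presumably needed for password authentication) is intended.
	for extra_group in shadow uucp opsiadmin; do
		groupmod -A opsiconfd "${extra_group}" 1>/dev/null 2>/dev/null || true
	done

	if [[ ! -e ${pem} ]]; then
		# Run in a subshell so the restrictive umask and the cleanup trap do
		# not leak into the rest of the phase.
		(
			umask 077

			# Private scratch directory instead of fixed names in /tmp:
			# predictable paths in a world-writable directory can be
			# pre-created or symlinked by another local user while this
			# phase runs as root.
			workdir=$(mktemp -d) || exit 1
			trap 'rm -rf -- "${workdir}"' EXIT

			cert_country="DE"
			cert_state="RP"
			cert_locality="Mainz"
			cert_organization="uib GmbH"
			cert_commonname=$(hostname -f 2>/dev/null)
			# An empty CN makes "openssl req" fail; fall back to the short name.
			[[ -n ${cert_commonname} ]] || cert_commonname=$(hostname)
			cert_email="root@${cert_commonname}"

			# 2048-bit RSA and SHA-256 replace the former 1024-bit key and
			# the library's default digest, which no longer give adequate
			# protection for a TLS server key.
			printf '%s\n' \
				"RANDFILE = ${workdir}/opsiconfd.rand" \
				"" \
				"[ req ]" \
				"default_bits = 2048" \
				"default_md = sha256" \
				"encrypt_key = yes" \
				"distinguished_name = req_dn" \
				"x509_extensions = cert_type" \
				"prompt = no" \
				"" \
				"[ req_dn ]" \
				"C=${cert_country}" \
				"ST=${cert_state}" \
				"L=${cert_locality}" \
				"O=${cert_organization}" \
				"CN=${cert_commonname}" \
				"emailAddress=${cert_email}" \
				"" \
				"[ cert_type ]" \
				"nsCertType = server" \
				> "${workdir}/opsiconfd.cnf" || exit 1

			dd if=/dev/urandom of="${workdir}/opsiconfd.rand" count=1 2>/dev/null

			# Key and certificate go into one PEM bundle; -nodes leaves the
			# key unencrypted so the daemon can start unattended, which is
			# why the file is installed with mode 0600 below.
			openssl req -new -x509 -days 1000 -nodes \
				-config "${workdir}/opsiconfd.cnf" \
				-out "${workdir}/opsiconfd.pem" \
				-keyout "${workdir}/opsiconfd.pem" || exit 1

			# "dhparam" replaces "gendh", which newer OpenSSL releases no
			# longer ship; 2048-bit parameters replace the 512-bit ones.
			# Generation can take a while on slow machines.
			openssl dhparam -rand "${workdir}/opsiconfd.rand" 2048 \
				>> "${workdir}/opsiconfd.pem" || exit 1

			# Publish the bundle only once it is complete, so a failed run
			# never leaves a partial file that blocks regeneration.
			install -m 0600 "${workdir}/opsiconfd.pem" "${pem}" || exit 1
			openssl x509 -subject -dates -fingerprint -noout -in "${pem}"
		) || ewarn "Could not create ${pem}; generate a certificate manually before starting opsiconfd."
	fi

	# The bundle contains the private key: owner-only access.
	if [[ -e ${pem} ]]; then
		chmod 600 "${pem}"
		chown opsiconfd:opsiadmin "${pem}" || true
	fi
	chmod 750 /var/log/opsi/opsiconfd
	chown -R opsiconfd:"${fileadmingroup}" /var/log/opsi/opsiconfd
}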