archie/debian/postinst

#!/bin/bash
set -e

ARCHIE_HOME=/opt/archie
ARCHIE_USER=archie
ARCHIE_GROUP=archie
SYSTEMD_SYSTEM=/lib/systemd/system

case "$1" in
  configure)
    # ── user / group ────────────────────────────────────────────────
    if ! getent group "$ARCHIE_GROUP" > /dev/null 2>&1; then
      addgroup --system "$ARCHIE_GROUP"
    fi
    if ! getent passwd "$ARCHIE_USER" > /dev/null 2>&1; then
      adduser --system \
              --home "$ARCHIE_HOME" \
              --no-create-home \
              --ingroup "$ARCHIE_GROUP" \
              --shell /usr/sbin/nologin \
              --disabled-password \
              --gecos "Archie FTP index server" \
              "$ARCHIE_USER"
    fi

    # ── binary symlinks (mirrors release/base/config/Makefile `links`) ──
    BIN="$ARCHIE_HOME/bin"
    ln -sf telnet-client   "$BIN/-telnet-client"  2>/dev/null || true
    ln -sf arserver        "$BIN/arexchange"       2>/dev/null || true
    ln -sf arserver        "$BIN/arretrieve"       2>/dev/null || true
    ln -sf update_anonftp  "$BIN/update_webindex"  2>/dev/null || true

    # ── runtime directories (not packed — empty dirs skipped by CPack) ─
    for _d in logs tmp incoming anonftp locks \
              pfs pfs/shadow pfs/pfsdat pfs/info-tree pfs/history \
              db/tmp etc/ssl; do
      mkdir -p "$ARCHIE_HOME/$_d"
    done
    # empty log placeholders that archie and the permission step expect
    for _lf in logs/archie.log logs/email.log pfs/pfs.log; do
      [ -f "$ARCHIE_HOME/$_lf" ] || touch "$ARCHIE_HOME/$_lf"
    done

    # ── /pfs symlink — Prospero dirsrv expects /pfs to exist ────────
    if [ ! -e /pfs ]; then
      ln -sf "$ARCHIE_HOME/pfs" /pfs
    fi

    # ── initial database skeleton ────────────────────────────────────
    # db.tar.init contains the empty NDBM files archie needs to start
    if [ ! -f "$ARCHIE_HOME/db/host_db/host-db.dir" ]; then
      tar xf "$ARCHIE_HOME/tmp/db.tar.init" -C "$ARCHIE_HOME"
    fi

    # ── ownership ────────────────────────────────────────────────────
    chown -R "$ARCHIE_USER:$ARCHIE_GROUP" "$ARCHIE_HOME"
    chmod 750 "$ARCHIE_HOME"

    # ── setuid binaries ──────────────────────────────────────────────
    # telnet-client: needs setuid root to bind privileged ports
    chown root:root "$BIN/telnet-client"
    chmod 4111      "$BIN/telnet-client"

    # pstart: setuid+setgid root so any user can start/restart dirsrv
    chown root:root "$BIN/pstart"
    chmod 6111      "$BIN/pstart"

    # cgi-client: setuid archie so the web server can access the DB
    chown "$ARCHIE_USER:$ARCHIE_GROUP" "$ARCHIE_HOME/cgi/bin/cgi-client"
    chmod 4755 "$ARCHIE_HOME/cgi/bin/cgi-client"

    # ── permissions from release/base/config/Makefile ────────────────
    chmod 662  "$ARCHIE_HOME/logs/email.log"
    chmod 1777 "$ARCHIE_HOME/tmp"
    chmod 1777 "$ARCHIE_HOME/db/tmp"  2>/dev/null || true
    chmod o+rx "$ARCHIE_HOME/db"

    # ── systemd units ────────────────────────────────────────────────
    if [ -d "$SYSTEMD_SYSTEM" ]; then
      for unit in "$ARCHIE_HOME/lib/systemd/system"/archie-*.service \
                  "$ARCHIE_HOME/lib/systemd/system"/archie-*.socket \
                  "$ARCHIE_HOME/lib/systemd/system"/archie-*.timer; do
        [ -f "$unit" ] || continue
        ln -sf "$unit" "$SYSTEMD_SYSTEM/$(basename "$unit")"
      done
    fi
    if [ -d /run/systemd/system ]; then
      systemctl daemon-reload
      systemctl enable archie-dirsrv.service   || true
      systemctl enable archie-arserver.socket  || true
      systemctl enable archie-arcontrol.timer  || true
      systemctl enable archie-web.service      || true
    fi
    ;;
esac

exit 0