#!/bin/sh
set -e

if [ "$1" = configure ]; then
    if [ ! -f /etc/ipa/nssdb/cert8.db ]; then
        python2 -c 'from ipapython.certdb import create_ipa_nssdb; create_ipa_nssdb()' >/dev/null 2>&1
        tmp=$(mktemp) || exit
        if certutil -L -d /etc/pki/nssdb -n 'IPA CA' -a >"$tmp" 2>/var/log/ipaupgrade.log; then
            certutil -A -d /etc/ipa/nssdb -n 'IPA CA' -t CT,C,C -a -i "$tmp" >/var/log/ipaupgrade.log 2>&1
        elif certutil -L -d /etc/pki/nssdb -n 'External CA cert' -a >"$tmp" 2>/var/log/ipaupgrade.log; then
            certutil -A -d /etc/ipa/nssdb -n 'External CA cert' -t C,, -a -i "$tmp" >/var/log/ipaupgrade.log 2>&1
        fi
        rm -f "$tmp"
    fi
fi

if [ ! -e /run/ipa ]; then
    mkdir -m 0700 /run/ipa
fi

#DEBHELPER#