#!/bin/sh
# postinst script for chrony
#
# see: dh_installdeb(1)

set -e


# targets: configure|abort-upgrade|abort-remove|abort-deconfigure

case "$1" in
    configure)

        adduser --system \
                --group \
                --quiet \
                --comment "Chrony daemon" \
                --home /var/lib/chrony \
                --no-create-home _chrony

        if command -v ucf >/dev/null
        then
            ucf --three-way /usr/share/chrony/chrony.conf /etc/chrony/chrony.conf
            ucf --three-way /usr/share/chrony/chrony.keys /etc/chrony/chrony.keys
            if [ -x "$(command -v ucfr)" ]; then
                ucfr chrony /etc/chrony/chrony.conf
                ucfr chrony /etc/chrony/chrony.keys
            fi
        fi

        # Change the user and group ownership of "/var/l{ib,og}/chrony" iif
        # the chronyd's configuration does not contain the "user" directive.
        # Also, update these directories' mode bits to 0750 to follow upstream.
        #
        # We must also ensure that chronyd can read /etc/chrony/chrony.keys
        # after dropping root privileges.
        if ! chronyd -p | grep -q "^user"; then
            for d in /var/lib/chrony /var/log/chrony /etc/chrony/chrony.keys; do
                if ! dpkg-statoverride --list "$d" >/dev/null; then
                    if [ "$d" = "/etc/chrony/chrony.keys" ]; then
                        dpkg-statoverride --update --add root _chrony 0640 "$d"
                    else
                        dpkg-statoverride --update --add _chrony _chrony 0750 "$d"
                    fi
                fi
            done
        fi
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0