#!/bin/bash
# lmz-settings-manual
#  Manual changes to the paedML Linux system
#
# Depends: UDM
#
# Copyright (C) 2013-2018 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.

set -u
set -e

# initialize OPSI property version information
ucr set lmz/opsi-properties-version?0

eval "$(ucr shell \
	ldap/base \
	domainname \
	hostname \
	domainname \
	windows/domain \
	lmz/opsi-properties-version \
	kerberos/realm \
	repository/online/component/3.2-8-errata $(: workaround for issue 4372) \
	repository/online/component/4.1-5-errata/username $(: enable UCS 4.1-5 Extended Security Maintenance LMZ issue 1955) \
	repository/online/component/4.1-5-errata/password $(: enable UCS 4.1-5 Extended Security Maintenance LMZ issue 1955) \
	repository/online/component/4.1-5-errata $(: enable UCS 4.1-5 Extended Security Maintenance LMZ issue 1955) \
	repository/online/component/4.3-5-errata/username \
	repository/online/component/4.3-5-errata/password \
	repository/online/component/4.3-5-errata \
	version/patchlevel \
	version/version \
	repository/online/component/lmz/username \
	repository/online/component/lmz/password \
	)"

msg () { # {{{1
	echo -e "$(date): $@"
} # }}}1

# Start execution

# workaround for issue Support-Netz Redmine 1774 {{{1
if [ "${version_version}" = '3.3' ] || [ "${version_version}" = '3.2' ]; then
	set +u
	if [ -z "${repository_online_component_3_3_1_errata_username}" ] && [ -z "${repository_online_component_3_3_1_errata_password}" ]; then
		ucr set repository/online/component/3.3-1-errata/username="${repository_online_component_lmz_username}" repository/online/component/3.3-1-errata/password="${repository_online_component_lmz_password}"
	fi
	set -u
fi

# enable UCS 4.1-5 Extended Security Maintenance LMZ issue 1955
if [ "${version_version}" = '4.1' ]; then
	set +u
	if [ -z "${repository_online_component_4_1_5_errata_username}" ] && [ -z "${repository_online_component_4_1_5_errata_password}" ]; then
		ucr set repository/online/component/4.1-5-errata/username="${repository_online_component_lmz_username}" repository/online/component/4.1-5-errata/password="${repository_online_component_lmz_password}"
	fi
	# enable only if necessary
	if [ "${version_patchlevel}" = '5' ] && [ "${repository_online_component_4_1_5_errata}" != 'enabled' ]; then
		ucr set repository/online/component/4.1-5-errata='enabled'
	fi
	if [ "${version_patchlevel}" != '5' ] && [ "${repository_online_component_4_1_5_errata}" != 'false' ]; then
		ucr set repository/online/component/4.1-5-errata='false'
	fi
	set -u
fi

# enable UCS 4.3-5 Extended Security Maintenance Issue #22847
if [ "${version_version}" = '4.3' ]; then
	set +u
	if [ -z "${repository_online_component_4_3_5_errata_username}" ] && [ -z "${repository_online_component_4_3_5_errata_password}" ]; then
		ucr set repository/online/component/4.3-5-errata/username="${repository_online_component_lmz_username}" repository/online/component/4.3-5-errata/password="${repository_online_component_lmz_password}"
	fi
	# enable only if necessary
	if [ "${version_patchlevel}" = '5' ] && [ "${repository_online_component_4_3_5_errata}" != 'enabled' ]; then
		ucr set repository/online/component/4.3-5-errata='enabled'
	fi
	if [ "${version_patchlevel}" != '5' ] && [ "${repository_online_component_4_3_5_errata}" != 'false' ]; then
		ucr set repository/online/component/4.3-5-errata='false'
	fi
	set -u
fi

# workaround for issue 4372 {{{1
if [ "${version_version}" = '3.2' ] && [ "${version_patchlevel}" = '8' ]; then
	set +u
	if [ -z "${repository_online_component_3_2_8_errata}" ]; then
		ucr set version/patchlevel='7'
	fi
	set -u
fi

# Removing OPSI boot menu {{{1
if ! cmp -s /var/lib/univention-client-boot/pxelinux.cfg/default /var/lib/univention-client-boot/pxelinux.cfg/default.nomenu; then
	msg "Removing OPSI boot menu"
	rm -f /var/lib/univention-client-boot/pxelinux.cfg/default
	[ -e /var/lib/univention-client-boot/pxelinux.cfg/default.nomenu ] && cp /var/lib/univention-client-boot/pxelinux.cfg/default.nomenu /var/lib/univention-client-boot/pxelinux.cfg/default
	[ -e /var/lib/univention-client-boot/pxelinux.cfg/default ] && chown opsiconfd:opsifileadmins /var/lib/univention-client-boot/pxelinux.cfg/default
	msg "Done."
fi

# Create OPSI sudo configuration {{{1
if [ -e /etc/sudoers ] && ! grep -q ^%opsifileadmins /etc/sudoers; then
	msg "Creating OPSI sudo configuration"
	echo "%opsifileadmins ALL=NOPASSWD: /usr/bin/opsi-set-rights" >> /etc/sudoers
	msg "Done."
fi

# vi: ft=sh:tw=80:sw=4:ts=4:fdm=marker
