#!/bin/sh
# we don't want to read root's bash environment
BASH_ENV=
unset BASH_ENV
# defaults:
DEFAULT_DIR=`dirname $0`
INSTALLATION_OPTIONS_FILE=/opt/NAI/package/LinuxShield/nails.options
RESTART_NAILS=0
TMPDIR=/tmp/setup.$$
PAYLOAD=LinuxShield-1.2.0.SP1-payload.tar
BACKUP_FILE=LinuxShield-1.2.0.Backup.tar
PKGMD5FILE=md5
PROGNAME=setupSP1
# settings from a previous installation
SILENT_INSTALLDIR=""
SILENT_RUNTIMEDIR=""
SILENT_ADMIN=""
SILENT_HTTPHOST=""
SILENT_HTTPPORT=""
SILENT_MONITORPORT=""
SILENT_SMTPHOST=""
SILENT_SMTPPORT=""
SILENT_CREATE_USER=""
SILENT_CREATE_GROUP=""
SILENT_QUARANTINEDIR=""
SILENT_RUN_WITH_MONITOR=""
SILENT_START_PROCESSES=""

getOsVer()
{
    KERNELSUFFIX=""
    if [ -f /etc/redhat-release ]; then
	OSVER=`awk '/^Red Hat Linux Advanced Server/ {printf "Redhat%s", $(NF-1); next;}
		    /^Red Hat Enterprise Linux/ {printf "Redhat%s%s", $(NF-1), $5; next;}
		    /^Red Hat/ {printf "Redhat%s", $(NF-1);}' /etc/redhat-release`
	KERNELSTEM=`awk '/^Red Hat Linux Advanced Server/ {for(i=6; i <= NF; i++) {if (index($i,"(") == 1) {sub("AS","",$(i-1)); printf "Redhat_ent%s_", $(i-1); next;}}}
			 /^Red Hat Enterprise Linux/ {for(i=5; i <= NF; i++) {if (index($i,"(") == 1) {printf "Redhat_ent%s_", $(i-1); next;}}}
			 /^Red Hat Desktop/ {for(i=5; i <= NF; i++) {if (index($i,"(") == 1) {printf "Redhat_ent%s_", $(i-1); next;}}}
			 /^Red Hat/ {printf "Redhat_%s_", $(NF-1);}' /etc/redhat-release`
	if [ "`uname -m`" = "i586" ]
	then
	    OSVER=unknown`uname -r`
	    KERNELSTEM=unknown
	fi
    	OSVENDOR=RedHat	

    elif [ -f /etc/SuSE-release ]; then
	OSVER=`awk '/^SuSE SLES-/ { printf "SuSE%sES", substr($2, 6); next;}
			/^SuSE/ {printf "SuSE%s", $3;next;}
			/^SUSE LINUX Enterprise Server/ {printf "SuSE%sES",$5;next}
			/^Novell Linux Desktop/ {printf "SuSENLD%s",$4}' /etc/SuSE-release`
	KERNELSTEM=`echo ${OSVER}_ | sed 's/SuSE/SuSE_/'`
        OSVENDOR=SuSE	
    else
	OSVER=unknown`uname -r`
	KERNELSTEM=unknown
    	OSVENDOR=unknown	
    fi
}

# setup the eval/beta/release license information
terminationMsg()
{
	echo $2
	cleanUp
	exit 1
}
installKHM()
{
    for f in `ls -1 modules/${KERNELSTEM}*${KERNELSUFFIX}/{lshook,linuxshield}.o 2>/dev/null`
    do
	cp $f $SILENT_INSTALLDIR/lib/modules/`echo $f | sed "s modules/${KERNELSTEM}\(.*\)${KERNELSUFFIX}/\(.*\)\.o \1-\2.o "`
	echo $SILENT_INSTALLDIR/lib/modules/`echo $f | sed "s modules/${KERNELSTEM}\(.*\)${KERNELSUFFIX}/\(.*\)\.o \1-\2.o "` >> /opt/NAI/package/LinuxShield/LSH-1.2-SP1-khm.txt
	fgrep $f ${PKGMD5FILE} | sed "s modules/${KERNELSTEM}\(.*\)${KERNELSUFFIX}/ $SILENT_INSTALLDIR/lib/modules/\1- " >> ${INSTALLMD5FILE}
    done
    if [ -f  /opt/NAI/package/LinuxShield/LSH-1.2-SP1-khm.txt ]
    then
	tar -vf /opt/NAI/package/LinuxShield/$BACKUP_FILE --append -P /opt/NAI/package/LinuxShield/LSH-1.2-SP1-khm.txt >/dev/null 2>&1
	rm -rf /opt/NAI/package/LinuxShield/LSH-1.2-SP1-khm.txt
    fi	
}
updateVersion()
{
	echo $currentRelease SP1 > $SILENT_INSTALLDIR/etc/LinuxShield-release	
	
	cat ${SILENT_INSTALLDIR}/apache/htdocs/0409/nailsAbout.html | sed -e  s/"span id=arch><\/span>"/"span id=arch><\/span> SP1"/g > $TMPDIR/tmpabout
	mv $TMPDIR/tmpabout  ${SILENT_INSTALLDIR}/apache/htdocs/0409/nailsAbout.html

}
doInstallation()
{
	cp ${DEFAULT_DIR}/${PAYLOAD} /opt/NAI/package/LinuxShield
	cp ${DEFAULT_DIR}/${PROGNAME} /opt/NAI/package/LinuxShield
	cp ${DEFAULT_DIR}/Readme-SP1.txt ${SILENT_INSTALLDIR}/docs
	cp ${DEFAULT_DIR}/${PAYLOAD} ${TMPDIR}
	cd $TMPDIR
	tar -xvf ${PAYLOAD}  > /dev/null 2>&1
	
	updateVersion
	updateInitScript
	installKHM
	addBrowserSupport
	cd - > /dev/null 2>&1
}
# flush out the supplied template file with the values in
# the environment variables: INSTALLDIR, RUNTIMEDIR, HTTPHOST, HTTPORT
#
updateTemplate()
{
    sed "s?__NAILS_INSTALL__?$SILENT_INSTALLDIR?g
         s?__NAILS_RUNTIME__?$SILENT_RUNTIMEDIR?g
	 s?__NAILS_USER__?$SILENT_NAILS_USER?g
	 s?__NAILS_MD5_FILE__?$SILENT_INSTALLDIR/etc/md5?g
	 s?__NAILS_KERNEL_STEM__?$KERNELSTEM?g" $1 >$2
    if [ $? -ne 0 ]
    then terminationMsg 5 "failed to update file $2"
    fi
}
setupPermissions()
{
    chgrp -R ${SILENT_NAILS_GROUP} ${SILENT_INSTALLDIR} 
    if [ $? -ne 0 ]
    then terminationMsg 58 "failed to set LinuxShield group ownership on ${SILENT_INSTALLDIR}"
    fi
}
updateInitScript()
{
    cp nails.initd  ${SILENT_INSTALLDIR}/template/bin/nails.initd 
    # update the nails.initd startup script
    updateTemplate ${SILENT_INSTALLDIR}/template/bin/nails.initd ${SILENT_INSTALLDIR}/bin/nails.initd
    chmod u+x ${SILENT_INSTALLDIR}/bin/nails.initd
	
}
addBrowserSupport()
{
	cat ${SILENT_INSTALLDIR}/apache/htdocs/index.html.en | sed -e s/"num == 30100 || num == 30200)"/"num == 30100 || num == 30200 || num ==30300)"/g > $TMPDIR/intdex.html.en 
        mv $TMPDIR/intdex.html.en ${SILENT_INSTALLDIR}/apache/htdocs/index.html.en 

        cat ${SILENT_INSTALLDIR}/apache/htdocs/0409/loginHelp.html | sed -e s/" and 3.2.1"/", 3.2.1 and 3.3.1"/g > ${TMPDIR}/loginHelp.tmp
	mv  ${TMPDIR}/loginHelp.tmp  ${SILENT_INSTALLDIR}/apache/htdocs/0409/loginHelp.html
}
backuprOriginalFiles()
{
	tar -cvf  /opt/NAI/package/LinuxShield/${BACKUP_FILE} -P ${INSTALLMD5FILE} ${SILENT_INSTALLDIR}/template/bin/nails.initd ${SILENT_INSTALLDIR}/bin/nails.initd ${SILENT_INSTALLDIR}/apache/htdocs/index.html.en ${SILENT_INSTALLDIR}/apache/htdocs/0409/loginHelp.html ${SILENT_INSTALLDIR}/apache/htdocs/0409/nailsAbout.html ${SILENT_INSTALLDIR}/etc/LinuxShield-release > /dev/null 2>&1
	cat ${INSTALLMD5FILE}  | grep -v ${SILENT_INSTALLDIR}/template/bin/nails.initd | grep -v ${SILENT_INSTALLDIR}/bin/nails.initd |grep -v ${SILENT_INSTALLDIR}/apache/htdocs/index.html.en |grep -v ${SILENT_INSTALLDIR}/apache/htdocs/0409/loginHelp.html | grep -v ${SILENT_INSTALLDIR}/apache/htdocs/0409/nailsAbout.html |grep -v ${SILENT_INSTALLDIR}/etc/LinuxShield-release > $TMPDIR/tempmd5
	mv $TMPDIR/tempmd5 ${INSTALLMD5FILE} 
}


preUninstall()
{
	# allow group access
	umask 0027
	mkdir ${TMPDIR}
	cd ${TMPDIR}	
	# check we are running as root
	ID=`id -u`
	if [ $? -ne 0 -o $ID -ne 0 ]
	then terminationMsg 54 "you must be 'root' to uninstall LinuxShield 1.2.0 Service Pack 1"
	fi

	#check is LinuxShield 1.2.0 is installed
	LSH_12_INSTALLED=`rpm -qa | grep LinuxShield-1.2.0`
	if [ -z "${LSH_12_INSTALLED}" ]
	then
		terminationMsg 55 "LinuxShield 1.2.0 Service Pack 1 is not installed."
	fi

	if [ -f ${INSTALLATION_OPTIONS_FILE} ]
	then
		 # load in the user's installation choices
		 . ${INSTALLATION_OPTIONS_FILE}
		 INSTALLMD5FILE=${SILENT_INSTALLDIR}/etc/md5
	else
		terminationMsg 56 "LinuxShield 1.2.0  installation options file not found. Uninstallaion os Serivce Pack 1 cannot continue."
	fi
	isSP1Installed=`grep SP1 ${SILENT_INSTALLDIR}/etc/LinuxShield-release`
	if [  -z "$isSP1Installed" ]
	then
		terminationMsg 55 "LinuxShield 1.2.0 Service Pack 1 is not installed."
	fi
	currentRelease=`cat $SILENT_INSTALLDIR/etc/LinuxShield-release`
	getOsVer
	# stop LinuxShield
	if [ -x ${SILENT_INSTALLDIR}/bin/nails.initd -a -f ${SILENT_RUNTIMEDIR}/run/nailsd.pid ]
	then 
		${SILENT_INSTALLDIR}/bin/nails.initd stop
		RESTART_NAILS=1
	fi
}
preInstall()
{
	# allow group access
	umask 0027
	mkdir ${TMPDIR}
	# check we are running as root
	ID=`id -u`
	if [ $? -ne 0 -o $ID -ne 0 ]
	then terminationMsg 54 "you must be 'root' to install LinuxShield 1.2.0 Service Pack 1"
	fi

	#check is LinuxShield 1.2.0 is installed
	LSH_12_INSTALLED=`rpm -qa | grep LinuxShield-1.2.0`
	if [ -z "${LSH_12_INSTALLED}" ]
	then
		terminationMsg 55 "LinuxShield 1.2.0 is not installed. Cannot Install LinuxShield 1.2.0 Service Pack 1."
	fi

	if [ -f ${INSTALLATION_OPTIONS_FILE} ]
	then
		 # load in the user's installation choices
		 . ${INSTALLATION_OPTIONS_FILE}
		 INSTALLMD5FILE=${SILENT_INSTALLDIR}/etc/md5
	else
		terminationMsg 56 "LinuxShield 1.2.0  installation options file not found"
	fi
	isSP1Installed=`grep SP1 ${SILENT_INSTALLDIR}/etc/LinuxShield-release`
	if [ ! -z "$isSP1Installed" ]
	then
		terminationMsg 57 "LinuxShield 1.2.0 Service Pack 1 is already installed."
	fi
	currentRelease=`cat $SILENT_INSTALLDIR/etc/LinuxShield-release`
	if [ "$currentRelease" != "LinuxShield 1.2.0-757-i686" ]
	then
		terminationMsg 58 "LinuxShield 1.2.0 Service Pack 1 can only be installed over LinuxShield 1.2.0-757-i686 release"
	fi
	getOsVer
	if [ ${KERNELSTEM} = "unknown" ]
	then
		terminationMsg 56 "This service pack supports only RedHat and SuSE distributions"
	fi	
	# stop LinuxShield
	if [ -x ${SILENT_INSTALLDIR}/bin/nails.initd -a -f ${SILENT_RUNTIMEDIR}/run/nailsd.pid ]
	then 
		${SILENT_INSTALLDIR}/bin/nails.initd stop
		RESTART_NAILS=1
	fi
}
postInstall()
{
	md5sum ${SILENT_INSTALLDIR}/template/bin/nails.initd >> ${INSTALLMD5FILE}
	md5sum ${SILENT_INSTALLDIR}/bin/nails.initd >> ${INSTALLMD5FILE}
	md5sum ${SILENT_INSTALLDIR}/apache/htdocs/index.html.en >> ${INSTALLMD5FILE}
	md5sum ${SILENT_INSTALLDIR}/apache/htdocs/0409/loginHelp.html >> ${INSTALLMD5FILE}
	md5sum ${SILENT_INSTALLDIR}/apache/htdocs/0409/nailsAbout.html >> ${INSTALLMD5FILE}
	md5sum ${SILENT_INSTALLDIR}/etc/LinuxShield-release >> ${INSTALLMD5FILE}
	setupPermissions
	if [ ${RESTART_NAILS} -eq 1 ]
	then ${SILENT_INSTALLDIR}/bin/nails.initd start 
	fi
	echo "LinuxShield 1.2.0 Service Pack 1 has been installed successfully "
	
}
removeKHM()
{
	if [ -f /opt/NAI/package/LinuxShield/LSH-1.2-SP1-khm.txt ]
	then
		modules=`cat  /opt/NAI/package/LinuxShield/LSH-1.2-SP1-khm.txt`
		for f in $modules
		do
			rm -rf $f
		done
	fi
	
}
doUninstall()
{
	tar -xvf /opt/NAI/package/LinuxShield/${BACKUP_FILE} -P > /dev/null 2>&1
	removeKHM
	rm -rf /opt/NAI/package/LinuxShield/${BACKUP_FILE}  /opt/NAI/package/LinuxShield/${PAYLOAD} /opt/NAI/package/LinuxShield/${PROGNAME} /opt/NAI/package/LinuxShield/LSH-1.2-SP1-khm.txt ${SILENT_INSTALLDIR}/docs/Readme-SP1.txt
	setupPermissions ${SILENT_INSTALLDIR}
	if [ ${RESTART_NAILS} -eq 1 ]
	then ${SILENT_INSTALLDIR}/bin/nails.initd start 
	fi
	echo "LinuxShield 1.2.0 Service Pack 1 has been uninstalled successfully"
}
usage()
{
    echo "Usage: $PROGNAME <install|uninstall>"
}
cleanUp()
{
	rm -rf $TMPDIR
}
case "$1" in

  install)
	preInstall
	backuprOriginalFiles
	doInstallation
	postInstall
	cleanUp
	;;
  uninstall)
  	preUninstall
	doUninstall
	cleanUp
	;;
  *)
	usage
	exit 1
	;;
esac



