#!/bin/sh
#
# © Microsoft Corporation. All rights reserved.
#
# The postinst script is invoked after a particular version of a package is
# unpacked. These are the different situations that are handled here:
#
# postinst configure [current-version] - A new version has been unpacked and needs
#   to be configured (during a dpkg --install) or the currently installed version is
#   being reconfigured (during a dpkg --configure)
# old-postinst abort-upgrade [new-version] - During an upgrade to a new version, there
#   was a failure that ended up aborting the upgrade for some reason, and the old / previously
#   installed version may need to reconfigure itself to restore a steady state
# postinst abort-remove - A currently installed package was being removed, either because
#   a new version is being installed or a conflict is being addressed; however, the remove failed,
#   and the old / previously installed version may need to configure to repair itself
# postinst abort-deconfigure - A currently installed package was being auto-deconfigured for some
#   reason, but that failed, so the old / previously installed version may need to reconfigure itself

set -e

rm -f /usr/bin/intune-portal
ln -s /opt/microsoft/intune/bin/intune-portal /usr/bin/intune-portal

if [ -z "${DPKG_ROOT:-}" ] && [ -d /run/systemd/users ]; then
    if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
        # Ensure all tmpfiles are created before anything else starts up
        if [ -d /run/systemd/system ] ; then
            systemd-tmpfiles --create intune.conf >/dev/null || true
        fi

        # Apply intune's PAM configuration profile
        pam-auth-update --package >/dev/null || true

        #
        # Systemd user units
        #

        # intune-agent.timer systemd user unit

        # Remove any masks that were created by deb-systemd-helper on package removal.
        # `deb-systemd-helper mask` will record whether a service was enabled/disabled
        # at the point of masking, and `deb-systemd-helper unmask` will restore that state.
        deb-systemd-helper --user unmask intune-agent.timer >/dev/null || true

        if deb-systemd-helper --user --quiet was-enabled intune-agent.timer; then
            # Enables the unit on first installation, creates new
            # symlinks on upgrades if the unit file has changed.
            deb-systemd-helper --user enable intune-agent.timer >/dev/null || true
        else
            # Update the statefile to add new symlinks (if any), which need to be
            # cleaned up on purge. Also remove old symlinks.
            deb-systemd-helper --user update-state intune-agent.timer >/dev/null || true
        fi

        # intune-agent.service systemd user unit

        # Remove any masks that were created by deb-systemd-helper on package removal.
        # `deb-systemd-helper mask` will record whether a service was enabled/disabled
        # at the point of masking, and `deb-systemd-helper unmask` will restore that state.
        deb-systemd-helper --user unmask intune-agent.service >/dev/null || true

        if deb-systemd-helper --user --quiet was-enabled intune-agent.service; then
            # Enables the unit on first installation, creates new
            # symlinks on upgrades if the unit file has changed.
            deb-systemd-helper --user enable intune-agent.service >/dev/null || true
        else
            # Update the statefile to add new symlinks (if any), which need to be
            # cleaned up on purge. Also remove old symlinks.
            deb-systemd-helper --user update-state intune-agent.service >/dev/null || true
        fi

        # Try to reload all user units, if running on a new enough rev of systemd. Otherwise,
        # prompt the user to reload their own
        systemctl --global daemon-reload 2>/dev/null || echo "Current systemd version does not support automated reload of user units, please run 'systemctl --user daemon-reload as your user or reboot the machine."

        # deb-systemd-invoke recently gained support for talking to the user session manager
        if dpkg --compare-versions "$(dpkg-query --show --showformat='${Version}' init-system-helpers)" ge 1.61~; then
            deb-systemd-invoke --user start intune-agent.timer >/dev/null || true
        else
            echo "Current systemd version does not support automated start of user instances, please run 'systemctl --user start intune-agent.timer' as your user or reboot the machine."
        fi

        #
        # Systemd system units
        #

        # intune-daemon.socket systemd system unit

        # Remove any masks that were created by deb-systemd-helper on package removal.
        # `deb-systemd-helper mask` will record whether a service was enabled/disabled
        # at the point of masking, and `deb-systemd-helper unmask` will restore that state.
        deb-systemd-helper unmask intune-daemon.socket >/dev/null || true

        if deb-systemd-helper --quiet was-enabled intune-daemon.socket; then
            # Enables the unit on first installation, creates new
            # symlinks on upgrades if the unit file has changed.
            deb-systemd-helper enable intune-daemon.socket >/dev/null || true
        else
            # Update the statefile to add new symlinks (if any), which need to be
            # cleaned up on purge. Also remove old symlinks.
            deb-systemd-helper update-state intune-daemon.socket >/dev/null || true
        fi

        # intune-daemon.service systemd system unit

        # Remove any masks that were created by deb-systemd-helper on package removal.
        # `deb-systemd-helper mask` will record whether a service was enabled/disabled
        # at the point of masking, and `deb-systemd-helper unmask` will restore that state.
        deb-systemd-helper unmask intune-daemon.service >/dev/null || true

        if deb-systemd-helper --quiet was-enabled intune-daemon.socket; then
            # Enables the unit on first installation, creates new
            # symlinks on upgrades if the unit file has changed.
            deb-systemd-helper enable intune-daemon.socket >/dev/null || true
        else
            # Update the statefile to add new symlinks (if any), which need to be
            # cleaned up on purge. Also remove old symlinks.
            deb-systemd-helper update-state intune-daemon.socket >/dev/null || true
        fi

        if [ -d /run/systemd/system ]; then
            systemctl --system daemon-reload >/dev/null || true
            if [ -n "$2" ]; then
                _dh_action=restart
            else
                _dh_action=start
            fi
            deb-systemd-invoke $_dh_action 'intune-daemon.socket' 'intune-daemon.service' >/dev/null || true
        fi

        # Restart polkit to get any new authorization actions we put down
        systemctl restart polkit.service 2>/dev/null
    fi
fi
