#!/bin/bash


#Preupgrade Assistant performs system upgradability assessment
#and gathers information required for successful operating system upgrade.
#Copyright (C) 2013 Red Hat Inc.
#Ondrej Vasik <ovasik@redhat.com>
#
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program.  If not, see <http://www.gnu.org/licenses/>.
. /usr/share/preupgrade/common.sh
check_rpm_to "" "xargs"
#END GENERATED SECTION

[ ! -f "noverifycfg" ] || [ ! -f "verified_blacklist" ] && exit $RESULT_ERROR
found=0
DIRTYCONF_D="$VALUE_TMP_PREUPGRADE/dirtyconf"
CLEANCONF_D="$VALUE_TMP_PREUPGRADE/cleanconf"

verified_tmp=$(mktemp ".prepflsXXX" --tmpdir="/tmp")

# prepare list of verified files
while read -r line || [ -n "$line" ]; do
  [ -z "$line" ] || echo "$line" | grep -q "^-" && continue
  # WARNING! Quotes mustn't be used here because of globs in input file!
  ls -1 $(echo "$line" | cut -d " " -f1) 2>/dev/null >> "$verified_tmp"
done < verified_blacklist

#Todo: add sha1sum defaults for noarch packages (so we can skip unchanged)
while read -r line || [ -n "$line" ]; do
  [ -z "$line" ] && continue
  # WARNING! Quotes mustn't be used here because of globs in input file!
  for j in $(ls -1 $line 2>/dev/null); do
    #do we have this file on system?
    [ -f "$j" ] || continue
    #was already stored and checked?
    [ -f "$CLEANCONF_D/$j" ] && continue
    pkgname=$(rpm -qf $j | rev | cut -d'-' -f3- | rev | sort -u | xargs echo)
    #check for the RH signed rpm, don't handle not-signed packages
    #FIXME: added support of untracked files, because some significant
    #       files could be stored at all, even when these are created "on the fly"
    #       - this should be handled better later e.g. with list of files which
    #         are not tracked but fall under specific package, which should be
    #         signed by RH at last.
    is_pkg_installed "$pkgname" && is_dist_native "$pkgname" ||  {
      echo "$pkgname" | grep -q "is not owned by any package" || continue
      log_info "Backup file $j which is not tracked by any package, but is a part of the input list."
    }
    grep -q "^${j}$" "$verified_tmp" && {
      cp --parents -a "$j" "$CLEANCONF_D"
      continue
    }
    cp --parents -a "$j" "$DIRTYCONF_D" &&  found=1
    echo "$j ($pkgname)" >>"$KICKSTART_DIR/noverifycfg"
  done
done < noverifycfg

#We detected some files untracked by rpm
[ $found -eq 1 ] && \
 echo " * noverifycfg - a file that contains a list of the files marked "no verify" in the RPM packages and were not checked by the upgrade scripts. Check them if you plan to clone the system on a different machine" >>"$KICKSTART_README" && \
 log_slight_risk "We detected some files where modifications are not tracked in the RPM packages. Check their functionality after the successful upgrade."

# These two files (below) can't be backuped automatically by preupgrade-assistant
# and must be backuped by admin manually due to security!

rm -f "$verified_tmp"
log_high_risk "The files /etc/shadow and /etc/gshadow must be backed up manually by the admin."

exit $RESULT_FAIL
