# @package      hubzero-mw2-client
# @file         Makefile
# @author       Pascal Meunier <pmeunier@purdue.edu>
# @copyright    Copyright (c) 2010-2018 HUBzero Foundation, LLC.
# @license      http://opensource.org/licenses/MIT MIT
#
# Copyright (c) 2010-2018 HUBzero Foundation, LLC.
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
# HUBzero is a registered trademark of HUBzero Foundation, LLC.
#

# Common libraries are installed owned by root so that the client cannot modify them, because root may need to use them.

# Installation roots. Every path is prefixed with $(DESTDIR) so that a
# packaging build can stage files into a scratch tree; with DESTDIR unset the
# paths refer to the live system. Recursive (=) assignment keeps DESTDIR
# late-bound. Several of these are not referenced by the rules visible in
# this file.

# OWNER is not referenced by any rule visible in this file.
OWNER = root

# Configuration
ETC = $(DESTDIR)/etc

# Executables and libraries
SBIN = $(DESTDIR)/sbin
USRBIN = $(DESTDIR)/usr/bin
USRSBIN = $(DESTDIR)/usr/sbin
USRLIB = $(DESTDIR)/usr/lib
USRLOCAL = $(DESTDIR)/usr/local

# Shared data and documentation
USRSHARE = $(DESTDIR)/usr/share
USRSHAREDOC = $(DESTDIR)/usr/share/doc
USRSHAREMAN = $(DESTDIR)/usr/share/man
USRSHAREMANMAN8 = $(DESTDIR)/usr/share/man/man8

# Variable state and logs (LOGDIR and VARLOG name the same directory)
VARLIBDIR = $(DESTDIR)/var/lib
LOGDIR = $(DESTDIR)/var/log
VARLOG = $(DESTDIR)/var/log

# Platform detection, evaluated once at parse time through lsb_release.
# If lsb_release is missing or prints nothing, both values are empty and
# WEBUSER falls back to "apache".
DISTRIBUTION := $(shell lsb_release -is)
MAJORVERSION := $(shell lsb_release -rs | cut -d . -f 1)

# WEBUSER is the account that ends up owning /etc/mw-client, the SSH key
# pairs and the log directories (see manual_install and postinst).
# Only an exact distributor ID of "Debian" selects www-data; anything else
# gets apache. A different account can be supplied on the command line
# (make WEBUSER=name ...), which overrides this assignment.
ifneq ($(DISTRIBUTION),Debian)
    WEBUSER = apache
else
    WEBUSER = www-data
endif

# Nothing needs building; the recipe is a silent no-op so that a bare
# "make" succeeds without printing anything.
all:
	@:

# Stage the package payload under $(DESTDIR).
#   - config directory: 0755
#   - log, session-log and state directories: 0750
#   - maxwell executable: 0755
#   - logrotate snippet: 0644
#   - mw2-client.conf: 0640 (not world-readable)
# No ownership is set here; chown calls live in postinst and manual_install.
install:
	install -m 0755 -d $(ETC)/mw-client
	install -m 0750 -d $(VARLOG)/mw-client $(VARLOG)/mw-client/sessions $(VARLIBDIR)/mw-client
	install -m 0755 -D maxwell $(USRBIN)/maxwell
	install -m 0644 -D logrotate_mw-client $(ETC)/logrotate.d/hubzero-mw2-client
	install -m 0640 -D mw2-client.conf $(ETC)/mw-client/mw2-client.conf

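# Direct (non-packaged) installation on the live system. Runs the install and
# postinst targets first, then hands /etc/mw-client, the SSH key pairs and the
# log directories to $(WEBUSER) and registers the notify public key in that
# account's authorized_keys with a forced command.
#
# Run as root with DESTDIR unset: every path in this recipe is absolute.
# The prerequisites are assumed to run in the order listed (serial make);
# postinst touches directories that install creates.
#
# Each recipe line runs in its own shell, so umask is set on the same logical
# line as the command that needs it.
#
# NOTE(review): the authorized_keys entry carries only a forced command. It
# does not switch off port, agent or X11 forwarding or pty allocation for that
# key. Consider adding no-port-forwarding,no-agent-forwarding,
# no-X11-forwarding,no-pty to the options once it is confirmed that
# "maxwell notify" needs none of them.
manual_install: install postinst
	# directory only: a recursive chmod would also loosen the 0400 private keys set by postinst
	chmod 0770 /etc/mw-client
	chown $(WEBUSER):$(WEBUSER) /etc/mw-client
	chown $(WEBUSER):$(WEBUSER) /etc/mw-client/mw2-client.conf
	# generate missing key pairs under a restrictive umask
	if [ ! -f /etc/mw-client/maxwell.key.pub ]; then \
	  umask 0077; \
	  printf 'y\n' | ssh-keygen -t rsa -b 3072 -f /etc/mw-client/maxwell.key -N '' -C "created `date +'%Y-%m-%d'` with 3072 bits for $(WEBUSER)@`hostname`"; \
	fi
	if [ ! -f /etc/mw-client/notify.key.pub ]; then \
	  umask 0077; \
	  printf 'y\n' | ssh-keygen -t rsa -b 3072 -f /etc/mw-client/notify.key -N '' -C "created `date +'%Y-%m-%d'` with 3072 bits for $(WEBUSER)@`hostname`"; \
	fi
	# make notify.key available to middleware exec service, readable by root only
	if [ -f /etc/mw-client/notify.key ] && [ -d /etc/mw-service ]; then \
	  umask 0077 && \
	  cp /etc/mw-client/notify.key /etc/mw-service/notify.key && \
	  chown root:root /etc/mw-service/notify.key && \
	  chmod 0400 /etc/mw-service/notify.key; \
	fi
	# key files belong to the web service user and are read-only for it alone
	chown $(WEBUSER):$(WEBUSER) /etc/mw-client/maxwell.key /etc/mw-client/maxwell.key.pub
	chown $(WEBUSER):$(WEBUSER) /etc/mw-client/notify.key /etc/mw-client/notify.key.pub
	chmod 0400 /etc/mw-client/maxwell.key /etc/mw-client/maxwell.key.pub
	chmod 0400 /etc/mw-client/notify.key /etc/mw-client/notify.key.pub

	# install notify public key in web service user's authorized_keys file
	if [ ! -d ~$(WEBUSER)/.ssh ]; then \
	  mkdir -p ~$(WEBUSER)/.ssh && \
	  chmod 0700 ~$(WEBUSER)/.ssh && \
	  chown $(WEBUSER):$(WEBUSER) ~$(WEBUSER)/.ssh; \
	fi
	# create authorized_keys as the web service user so that it owns the file
	su -s /bin/sh -c "touch  ~$(WEBUSER)/.ssh/authorized_keys" $(WEBUSER)
	# add the public key only if it is not already listed (fixed-string match)
	grep -q -F -f /etc/mw-client/notify.key.pub ~$(WEBUSER)/.ssh/authorized_keys || \
	  su -s /bin/sh -c "chmod u+w ~$(WEBUSER)/.ssh/authorized_keys; echo -n 'COMMAND=\"/usr/bin/maxwell notify\" ' >> ~$(WEBUSER)/.ssh/authorized_keys; cat /etc/mw-client/notify.key.pub >> ~$(WEBUSER)/.ssh/authorized_keys" $(WEBUSER)

	# setup permissions for /var/log/mw-client
	chown $(WEBUSER):$(WEBUSER) /var/log/mw-client
	chmod 0750 /var/log/mw-client
	chown $(WEBUSER):$(WEBUSER) /var/log/mw-client/sessions
	chmod 0750 /var/log/mw-client/sessions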


# Remove the maxwell executable and the logrotate snippet.
# The configuration directory, the SSH key pairs and the log directories
# are left in place.
uninstall:
	rm -f $(USRBIN)/maxwell $(ETC)/logrotate.d/hubzero-mw2-client

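# Post-installation step on the live system (absolute paths, run as root).
# Gives the config and log directories to $(WEBUSER), generates the maxwell
# and notify RSA key pairs when their public halves are missing, locks all
# four key files down to 0400 for $(WEBUSER), and, when /etc/mw-service
# exists, places a root-owned 0400 copy of the notify private key there.
postinst:
	chown $(WEBUSER):$(WEBUSER) /etc/mw-client
	chown $(WEBUSER):$(WEBUSER) /var/log/mw-client
	chown $(WEBUSER):$(WEBUSER) /var/log/mw-client/sessions
	@if [ ! -f /etc/mw-client/maxwell.key.pub ]; then printf 'y\n' | ssh-keygen -t rsa -b 3072 -f /etc/mw-client/maxwell.key -N '' -C "created `date +'%Y-%m-%d'` with 3072 bits for $(WEBUSER)@`hostname`" ; fi
	@if [ ! -f /etc/mw-client/notify.key.pub ]; then printf 'y\n' | ssh-keygen -t rsa -b 3072 -f /etc/mw-client/notify.key -N '' -C "created `date +'%Y-%m-%d'` with 3072 bits for $(WEBUSER)@`hostname`" ; fi
	chown $(WEBUSER):$(WEBUSER) /etc/mw-client/maxwell.key.pub
	chmod 0400 /etc/mw-client/maxwell.key.pub
	chown $(WEBUSER):$(WEBUSER) /etc/mw-client/maxwell.key
	chmod 0400 /etc/mw-client/maxwell.key
	chown $(WEBUSER):$(WEBUSER) /etc/mw-client/notify.key.pub
	chmod 0400 /etc/mw-client/notify.key.pub
	chown $(WEBUSER):$(WEBUSER) /etc/mw-client/notify.key
	chmod 0400 /etc/mw-client/notify.key
	# copy only when the mw-service config directory exists (same test as manual_install)
	if [ -f /etc/mw-client/notify.key ] && [ -d /etc/mw-service ]; then cp /etc/mw-client/notify.key /etc/mw-service/notify.key; fi
	# the service copy of the private key is for root only
	if [ -f /etc/mw-service/notify.key ]; then chown root:root /etc/mw-service/notify.key && chmod 0400 /etc/mw-service/notify.key; fi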

# Delete installed files; there are no build products in the source tree.
# NOTE(review): with DESTDIR unset these paths are on the live system, so
# "make clean" as root removes the installed maxwell binary.
# NOTE(review): mw-file-service.conf is not installed by any rule in this
# file and sits under mw-service; confirm that removing it here is intended.
clean:
	rm -f $(USRBIN)/maxwell \
	  $(ETC)/logrotate.d/hubzero-mw2-client \
	  $(ETC)/mw-service/mw-file-service.conf

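# None of these targets produces a file of its own name. manual_install is
# listed too, so a stray file called "manual_install" cannot cause the
# target to be skipped as up to date.
.PHONY: all install manual_install uninstall postinst clean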
