#!/bin/bash
set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package> <new-version>
#        * <postinst> `abort-remove'
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see https://www.debian.org/doc/debian-policy/#summary-of-ways-maintainer-scripts-are-called
# or the debian-policy package

set_caps() {
    # users, listed in our pam_cap conf with such caps will inherite them
    # and be able to run tcpdump without root privileges
    if [ -x /usr/sbin/tcpdump ]; then
        setcap 'cap_net_admin=ei cap_net_raw=ei' /usr/sbin/tcpdump
    fi
}

case "$1" in
    configure)
        # enlist pam_cap with our custom conf into /etc/pam.d/common-auth
        # IMPORTANT: our rule must be executed before main auth plugins
        pam-auth-update --package yandex-rtc-duty-perms

        set_caps
    ;;

    triggered)
        set_caps
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument: $1" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

exit 0
