#!/bin/sh

FEATURES=/var/cache/apparmor/.features

echo "I: precompiling click apparmor policies"
/sbin/apparmor_parser -v -M ${FEATURES} -Q --write-cache --cache-loc=/var/cache/apparmor/ `find /var/lib/apparmor/profiles/ -maxdepth 1 -type f -not -path '*/\.*'`

echo "I: precompiling deb apparmor policies"
/sbin/apparmor_parser -v -M ${FEATURES} -Q --write-cache --cache-loc=/etc/apparmor.d/cache/ `find /etc/apparmor.d/ -maxdepth 1 -type f -not -path '*/\.*'`

echo "I: precompiling custom click apparmor policies"
mkdir -p /custom/cache/apparmor
/sbin/apparmor_parser -v -M ${FEATURES} -Q --write-cache --cache-loc=/custom/cache/apparmor/ `find /var/lib/apparmor/profiles/ -maxdepth 1 -type f -not -path '*/\.*'`

#get the apparmor manifests and profiles
mkdir -p /custom/lib/apparmor/clicks
mkdir -p /custom/lib/apparmor/profiles

for manifest in /var/lib/apparmor/clicks/*; do
	# FIXME: if this code survives for very long, it should probably be
	# rewritten using click's Python bindings
	pkgdir="$(click pkgdir "$manifest")"
	manifest_real="$(readlink -f "$manifest")"
	manifest_tail="${manifest_real#$pkgdir}"
	# Does this package exist in the custom tarball?  If so, move its
	# profiles there (if it only exists in custom) or copy them (if it
	# also exists in core).
	version="${pkgdir##*/}"
	pkgdir_noversion="${pkgdir%/*}"
	name="${pkgdir_noversion##*/}"
	profile="$(basename "$manifest" .json)"
	if [ -d "/custom/click/$name/$version" ]; then
		# Clone into custom.
		ln -nsf "/custom/click/$name/$version$manifest_tail" "/custom/lib/apparmor/clicks/${manifest##*/}"
		cp -a "/var/lib/apparmor/profiles/click_$profile" /custom/lib/apparmor/profiles/
		if [ -d "/usr/share/click/preinstalled/$name/$version" ]; then
			# Ensure that the version in the rootfs points to
			# the core database.
			ln -nsf "/usr/share/click/preinstalled/$name/$version$manifest_tail" "$manifest"
		else
			# Remove from the rootfs.
			rm -f "$manifest"
			rm -f "/var/lib/apparmor/profiles/click_$profile"
			rm -f "/var/cache/apparmor/click_$profile"
		fi
	else
		# Remove from custom.
		rm -f "/custom/cache/apparmor/click_$profile"
	fi
done

ls -l /custom/cache/apparmor/
echo "I: touching cache files to sanitize possible timestamp issues"
touch /custom/cache/apparmor/*
ls -l /custom/cache/apparmor/