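#!/bin/sh
# Writes .fix-metadata in the current directory when $VCS is git, hg or bzr.
# The file is a list of chown/chgrp/chmod commands for every path under "."
# whose owner, group or mode differs from root/root/0644-or-0755.
# For git the file is also staged, so it becomes part of the current commit.
set -e

# Filters out UNKNOWN users and groups, prints a warning on stderr.
#   $1     - command word that starts each input line (chown or chgrp)
#   $2     - noun used in the warning (owner or group)
#   stdin  - lines of the form "<cmd> <name> <path>"
#   stdout - every line whose <name> is not UNKNOWN, unchanged
filter_unknown() {
  CMD=$1
  # IFS= and -r keep leading whitespace and backslashes in paths intact.
  while IFS= read -r line; do
    # POSIX prefix match: the ${var:offset:length} form is a bashism and is
    # rejected by strict /bin/sh implementations such as dash. The trailing
    # space stops names that merely start with "UNKNOWN" from matching.
    case "$line" in
      "$CMD UNKNOWN "*)
        path=${line#"$CMD UNKNOWN "}
        # error message like "Bad owner for ./ppp/peers"
        printf 'Bad %s for %s\n' "$2" "$path" >&2
        ;;
      *)
        printf '%s\n' "$line"
        ;;
    esac
  done
}

# Generates the script commands to fix any files that aren't owner=root,
# group=root, or mode=0644 or 0755.
# Script is produced on stdout. Errors go to stderr.
#
# NOTE(review): stat substitutes each path into the command line verbatim,
# and the pipeline is line-oriented (sort, read). A name containing
# whitespace, quotes, a newline or other shell metacharacters is therefore
# not emitted as a single safely quoted word. Anything that later runs
# .fix-metadata through a shell would mis-parse or interpret such a name.
# Shell-quote the path before emitting it, and confirm that the consumer of
# .fix-metadata accepts the quoted form.
generate_metadata() {
  # Find all files and directories that don't have root as the owner
  find . \! -user root -exec stat --format="chown %U {}" {} \; \
    | sort | filter_unknown chown owner

  # Find all files and directories that don't have root as the group
  find . \! -group root -exec stat --format="chgrp %G {}" {} \; \
    | sort | filter_unknown chgrp group

  # Find all directories that aren't 0755
  find . -type d \! -perm 0755 -exec stat --format="chmod %a {}" {} \; \
    | sort

  # Find all files that aren't 0644 or 0755 (we can assume the VCS will
  # maintain the executable bit). All the files in the
  # /etc/.git/objects directory are 0444 so we'll specifically avoid it.
  find . -wholename ./.git -prune -o \
    -type f \! -perm 0644 \! -perm 0755 \
    -exec stat --format="chmod %a {}" {} \; \
    | sort

  # We don't handle xattrs.
  # Maybe check for getfattr/setfattr and use them if they're available?
}

if [ "$VCS" = git ] || [ "$VCS" = hg ] || [ "$VCS" = bzr ]; then
  # ensure the file exists so that it will list its own metadata
  if [ ! -e .fix-metadata ]; then
    touch .fix-metadata
  fi
  # Make sure the file is not readable by others, since it can leak
  # information about contents of non-readable directories in /etc.
  # This runs every time, not only on creation: a file that already exists
  # (for example one written by a checkout under the default umask) may
  # carry a looser mode, and it is about to be filled with path names.
  chmod 700 .fix-metadata

  {
    echo "# Generated by etckeeper."
    echo
    generate_metadata
  } > .fix-metadata

  # stage the file as part of the current commit
  if [ "$VCS" = git ]; then
    # this will do nothing if the metadata file is unchanged.
    git add .fix-metadata
  fi
  # hg and bzr add not done, they will automatically
  # include the file in the current commit
fi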