#!/bin/bash

RC=0

set -u

echo "* NGCP version:   ${NGCP_VERSION}"
echo "* Debian version: ${DEBIAN_VERSION}"

# MT#9623 older apt versions modified /usr/share/keyrings/debian-archive-removed-keys.gpg
check_for_old_apt_version() {
  local apt_version
  apt_version=$(dpkg-query --show --showformat="\${Version}" apt)

  ignore_apt_keyring_string="debsums: changed file /usr/share/keyrings/debian-archive-removed-keys.gpg (from debian-archive-keyring package)"

  if dpkg --compare-versions "$apt_version" lt 0.9.10 ; then
    return 0
  else
    return 1
  fi
}

check_package_integrity() {
  echo "* Checking integrity of Debian package files..."
  debsums_tmp=$(mktemp -t ngcp-status-pkg-int-XXXXXXXXXX)

  if debsums -s 2>"$debsums_tmp" ; then
    echo " -> No modified Debian package files found."
    rm -f "$debsums_tmp"
    return 0
  fi

  # ignore false positive
  if check_for_old_apt_version ; then
    if ! grep -v "$ignore_apt_keyring_string" "$debsums_tmp" | grep -q '.' ; then
      echo " -> No modified Debian package files found (ignoring /usr/share/keyrings/debian-archive-removed-keys.gpg false positive)."
      rm -f "$debsums_tmp"
      return 0
    fi
  fi

  cat "$debsums_tmp"
  echo " -> WARNING: Modified Debian package file(s) found."
  rm -f "$debsums_tmp"
  RC=1
}

check_config_integrity() {
  echo "* Checking integrity of Debian configuration files..."
  if debsums -es 2>&1 | grep '/etc/ngcp-config/' ; then
    echo " -> WARNING: Modified ngcp configuration file(s) found."
    RC=1
  else
    echo " -> No modified ngcp configuration files found."
  fi
}

check_package_integrity
check_config_integrity

echo "* Displaying md5sum of dpkg database files:"
md5sum /var/lib/dpkg/available /var/lib/dpkg/status

echo "* Calculating md5sum over all md5sum files:"
cat /var/lib/dpkg/info/*.md5sums | md5sum

exit $RC
