# arg 1:  the new package version
post_install() {
	# target directory
	TARGET_DIR='/var/cache/pixelserv'

	# ensure the target directory exists
	if [[ -d "$TARGET_DIR" ]]; then
		echo "$TARGET_DIR already exists. Consider to remove it before generating new certificates"
	else
		sudo mkdir -pv "$TARGET_DIR"
	fi

	# check the ownership of the directory
	if [[ "$(stat -c '%U' "$TARGET_DIR")" != 'nobody' ]]; then
		sudo chown -vR nobody:root "$TARGET_DIR"
	fi

	# check directory permissions
	if [[ "$(stat -c '%A' "$TARGET_DIR")" =~ '---$' ]]; then
		sudo chmod -vR o-rwx "$TARGET_DIR"
	fi

	cat <<EOF

    In order to use pixelserv-tls you need to:
        1. create root CA certificate https://git.io/vNuoH

            cd /var/cache/pixelserv
            sudo -u nobody openssl genrsa -out ca.key 1024
            sudo -u nobody openssl req -key ca.key -new -x509 -days 3650 -sha256 -extensions v3_ca -out ca.crt -subj "/CN=Pixelserv CA"

        2. import CA certificate

            sudo cp /var/cache/pixelserv/ca.crt /usr/share/ca-certificates/trust-source/anchors/ca.pixelserv.crt
            sudo trust extract-compat

    ... OR just run script (as your current user!):

        pixelserv-ca-init

    ... THEN start/enable systemd service:
        sudo systemctl enable --now pixelserv-tls

EOF
}

# arg 1:  the new package version
# arg 2:  the old package version
post_upgrade() {
	post_install
}

# arg 1:  the old package version
post_remove() {
	TARGET_DIR='/var/cache/pixelserv'
	cat <<EOF

    If you won't use pixelserv-tls anymore you may remove "Pixelserv CA" certificate
    and pixelserv-tls's cert folder using:

        rm /usr/share/ca-certificates/trust-source/anchors/ca.pixelserv.crt
        trust extract-compat

        rm -rf $TARGET_DIR

EOF
}
