#!/bin/sh
set -e

case "$1" in
  configure)
        if [ -z "$2" ]; then
	    # krb5 prior to 1.12.1+dfsg-2 didn't support loading
	    # gssapi mechanism definitions from /etc/gss/mech.d.  To
	    # make matters worse, sysconfdir was set incorrectly so it
	    # wants the mechanism definition in /usr/etc/gss/mech.
	    # Starting in 1.12.1+dfsg-2, the krb5 package ships
	    # /etc/gss/mech.d/README.  There doesn't seem to be a
	    # great mechanism for a postinst script to actually probe
	    # the version of another installed package, so we'll treat
	    # that file as a flag file (as suggested in that README)
	    # and if that's not present we'll populate
	    # /usr/etc/gss/mech.  Since moonshot-gss-eap enters Debian
	    # after krb5 1.12.1+dfsg-2, the moonshot-gss-eap will not
	    # violate FHS by creating /usr/etc when run with
	    # consistent dependencies in Debian.  Backported version
	    # of moonshot-gss-eap may choose to work with older krb5
	    # rather than being strict with regard to FHS.  That's
	    # kind of the point.
	    if [ ! -e /etc/gss/mech.d/README ]; then
		oid_aes128=1.3.6.1.5.5.15.1.1.17
		oid_aes256=1.3.6.1.5.5.15.1.1.18
		mechfile=/usr/etc/gss/mech
		mkdir -p /usr/etc/gss
		test -e $mechfile |touch $mechfile
		fgrep $oid_aes128 $mechfile ||echo eap-aes128 $oid_aes128 mech_eap.so >>$mechfile
		fgrep $oid_aes256 $mechfile ||echo eap-aes256 $oid_aes256 mech_eap.so >>$mechfile
		fi
	    fi
	;;
    esac

    #DEBHELPER#

exit 0