#!/bin/sh -e

SCRIPTNAME=$(basename "$0")

REPO_URL="esm.ubuntu.com"
REPO_KEY_FILE="ubuntu-esm-keyring.gpg"
REPO_LIST=${REPO_LIST:-"/etc/apt/sources.list.d/ubuntu-esm-precise.list"}
KEYRINGS_DIR=${KEYRINGS_DIR:-"/usr/share/keyrings"}
APT_KEYS_DIR=${APT_KEYS_DIR:-"/etc/apt/trusted.gpg.d"}
APT_METHOD_HTTPS=${APT_METHOD_HTTPS:="/usr/lib/apt/methods/https"}


write_list_file() {
    cat > "$REPO_LIST" <<EOF
deb https://${1}@${REPO_URL}/ubuntu precise main
# deb-src https://${1}@${REPO_URL}/ubuntu precise main
EOF
}


enable_esm() {
    cp "${KEYRINGS_DIR}/${REPO_KEY_FILE}" "$APT_KEYS_DIR"
    write_list_file "$1"
    if [ ! -f "$APT_METHOD_HTTPS" ]; then
        echo 'Installing missing dependency apt-transport-https'
        apt-get install -y apt-transport-https >/dev/null
    fi
    echo 'Running apt-get update...'
    apt-get update >/dev/null
    echo 'Ubuntu ESM repository enabled.'
}


disable_esm() {
    if [ -f "$REPO_LIST" ]; then
        mv "$REPO_LIST" "${REPO_LIST}.save"
        rm -f "$APT_KEYS_DIR/$REPO_KEY_FILE"
        echo 'Running apt-get update...'
        apt-get update >/dev/null
        echo 'Ubuntu ESM repository disabled.'
    else
        echo 'Ubuntu ESM repository was not enabled.'
    fi
}

is_esm_enabled() {
    apt-cache policy | grep -Fq "$REPO_URL"
}

validate_token(){
    echo "$1" | grep -q '^[^:]\+:[^:]\+$'
}


check_user() {
    if [ "$(id -u)" -ne 0 ]; then
        echo 'This command must be run as root (try using sudo)' >&2
        exit 2
    fi
}


usage() {
    cat >&2 <<EOF
usage: ${SCRIPTNAME} [enable-esm|disable-esm]

Enable or disable the Ubuntu Extended Security Maintenance archive.

Parameters:
 enable-esm <token>     enable the ESM repository
 disable-esm            disable the ESM repository

the <token> argument must be in the form "user:password"

EOF
}


case "$1" in
    enable-esm)
        check_user

        token="$2"
        if ! validate_token "$token"; then
            echo 'Invalid token, it must be in the form "user:password"' >&2
            exit 3
        fi
        enable_esm "$token"
        ;;

    disable-esm)
        check_user
        disable_esm
        ;;

    is-esm-enabled)
        is_esm_enabled
        ;;

    *)
        usage
        exit 1
        ;;
esac
