#!/bin/bash -e
# install security updates
# SEC_UPDATES: SKIP, FORCE (if none specified, will be interactive)

. /etc/default/inithooks
[ -e $INITHOOKS_CONF ] && . $INITHOOKS_CONF

# exit if running live
grep -qs boot=casper /proc/cmdline && exit 2

install_updates() {
    # if registered with hub, update with status
    if grep SERVERID= /var/lib/hubclient/server.conf -q -s; then
        hubclient-status sec-updates
    fi

    LOGFILE=/var/log/cron-apt/log
    OLDMD5=$(ls -la /lib/modules /boot | md5sum)
    for actionfile in /etc/cron-apt/action.d/*; do
        while read aptcmd; do
            aptcmd=$(echo $aptcmd | sed "s|-q||")
            aptcmd=$(echo $aptcmd | sed "s|-o quiet=.*||")
            DEBIAN_FRONTEND=noninteractive apt-get $aptcmd | tee -a $LOGFILE
        done < $actionfile
    done
    NEWMD5=$(ls -la /lib/modules /boot | md5sum)
    if [ "$NEWMD5" != "$OLDMD5" ]; then
        chmod +x $INITHOOKS_PATH/firstboot.d/99reboot
    fi
}

[ "$SEC_UPDATES" == "SKIP" ] && exit 0

if [ "$SEC_UPDATES" == "FORCE" ]; then
    install_updates
else
    $INITHOOKS_PATH/bin/secupdates-ask.py && install_updates
fi

