ja4sentinel/packaging/deb/postinst

#!/bin/bash
set -e

# postinst script for ja4sentinel .deb package

case "$1" in
    configure)
        # Create ja4sentinel user and group if they don't exist
        if ! getent group ja4sentinel > /dev/null 2>&1; then
            groupadd --system ja4sentinel
        fi
        
        if ! getent passwd ja4sentinel > /dev/null 2>&1; then
            useradd --system \
                --gid ja4sentinel \
                --home-dir /var/lib/ja4sentinel \
                --no-create-home \
                --shell /usr/sbin/nologin \
                ja4sentinel
        fi
        
        # Create necessary directories
        mkdir -p /var/lib/ja4sentinel
        mkdir -p /var/run/ja4sentinel
        mkdir -p /var/log/ja4sentinel
        mkdir -p /etc/ja4sentinel
        
        # Set proper ownership
        chown -R ja4sentinel:ja4sentinel /var/lib/ja4sentinel
        chown -R ja4sentinel:ja4sentinel /var/run/ja4sentinel
        chown -R ja4sentinel:ja4sentinel /var/log/ja4sentinel
        chown -R ja4sentinel:ja4sentinel /etc/ja4sentinel
        
        # Set proper permissions
        chmod 750 /var/lib/ja4sentinel
        chmod 750 /var/log/ja4sentinel
        chmod 750 /etc/ja4sentinel
        
        # Install default config if it doesn't exist
        if [ ! -f /etc/ja4sentinel/config.yml ]; then
            cp /usr/share/ja4sentinel/config.yml /etc/ja4sentinel/config.yml
            chown ja4sentinel:ja4sentinel /etc/ja4sentinel/config.yml
            chmod 640 /etc/ja4sentinel/config.yml
        fi
        
        # Enable and start the service (if running in a real system, not container)
        if [ -x /bin/systemctl ] && [ -d /run/systemd/system ]; then
            systemctl daemon-reload
            systemctl enable ja4sentinel.service
            if ! systemctl is-active --quiet ja4sentinel.service; then
                systemctl start ja4sentinel.service
            fi
        fi
        ;;
    
    abort-upgrade|abort-remove|abort-deconfigure)
        # On abort, do nothing special
        ;;
    
    *)
        echo "postinst called with unknown argument '$1'" >&2
        exit 1
        ;;
esac

exit 0