#!/bin/sh
set -e

. /usr/share/debconf/confmodule

file="$1"

db_get apt-setup/services-select-ubuntu
if ! echo "$RET" | grep -q security; then
	exit
fi

db_get apt-setup/security_host
host="$RET"
[ "$host" ] || exit

db_get apt-setup/security_path
directory="$RET"
[ "$directory" ] || exit

if ! db_get mirror/codename || [ -z "$RET" ]; then
	db_get cdrom/codename
fi
codename="$RET"

# To determine if restricted should be included, grep the file to see if it
# is listed in it.
dists="main"
for dist in restricted; do
	if grep -v 'cdrom:' $ROOT/etc/apt/sources.list.new | grep -q '^[^#]* '$dist; then
		dists="$dists $dist"
	fi
done

deb_src="deb-src"
db_get apt-setup/enable-source-repositories
if [ "$RET" = false ]; then
	deb_src="# deb-src"
fi

# Don't test mirror if no network selected in netcfg
echo "deb http://$host$directory $codename-security $dists" >> $file
echo "$deb_src http://$host$directory $codename-security $dists" >> $file
if db_get netcfg/dhcp_options && \
   [ "$RET" = "Do not configure the network at this time" ]; then
	CODE=9
else
	CODE=0
	export ASV_TIMEOUT="-o Acquire::http::Timeout=30"
	if ! apt-setup-verify --from $PROGRESS_FROM --to $PROGRESS_TO $file; then
		db_subst apt-setup/service-failed HOST "$host"
		db_input critical apt-setup/service-failed || true
		if ! db_go; then
			exit 10 # back up
		fi
		CODE=9
	fi
fi

# Security sources for Ubuntu universe; not used much, but e.g. unsupported
# binary packages from a supported source package will end up here.
if db_get apt-setup/universe && [ "$RET" = true ]; then
	DEB='deb'
	DEB_SRC=$deb_src
else
	DEB='# deb'
	DEB_SRC='# deb-src'
fi
cat >> $file <<EOF
${DEB} http://$host$directory $codename-security universe
${DEB_SRC} http://$host$directory $codename-security universe
EOF

# Security sources for Ubuntu multiverse, with the same caveats as for
# universe.
if db_get apt-setup/multiverse && [ "$RET" = true ]; then
	DEB='deb'
	DEB_SRC=$deb_src
else
	DEB='# deb'
	DEB_SRC='# deb-src'
fi
cat >> $file <<EOF
${DEB} http://$host$directory $codename-security multiverse
${DEB_SRC} http://$host$directory $codename-security multiverse
EOF

apt-setup-signed-release security.ubuntu.com "$file"

exit 0
