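#!/bin/sh

# This script edits a temporary copy of the doas.conf file and
# automatically checks it for syntax errors before installing
# the new copy of doas.conf.
#
# Editing and validation run as the invoking user; only the final
# "install" step is run through doas.

set -eu

# Fixed search path so the helper tools are not resolved through a
# caller-supplied PATH. EDITOR is still taken from the environment.
PATH=/bin:/usr/bin:/usr/local/bin
export PATH

PROG="${0##*/}"

# Keep the working copy private to the invoking user.
umask 077

WRK_DIR=/var/tmp
INSTALL_DIR=/usr/local/etc
doas_conf_mode=0644
doas_lock_file="${WRK_DIR}/doas.conf"
installed_doas="${INSTALL_DIR}/doas.conf"

# Print a message prefixed with the program name to stderr and exit 1.
die()
{
    printf '%s\n' "${PROG}: $*" 1>&2
    exit 1
}

# Print a message prefixed with the program name to stderr.
warn()
{
    printf '%s\n' "${PROG}: $*" 1>&2
}

# Print the terminal's interrupt character as reported by "stty -a"
# (the text between "intr = " and the following ";").
get_intr()
{
    stty -a \
    | sed -En '
        /^(.* )?intr = / {
            s///
            s/;.*$//
            p
        }
    '
}

# Register the given files for removal when the script exits.
# Arguments: paths to remove; with no arguments the traps are left as is.
# Each call replaces the previously registered list.
set_trap_rm()
{
    local file file_list
    file_list=
    for file
    do
        # The list is re-parsed by the shell when the trap fires, so a
        # path containing a single quote would break out of its quoting.
        case "${file}" in
            *\'*) die "Cannot register cleanup for ${file}" ;;
        esac
        file_list="${file_list} '${file}'"
    done
    if [ -n "${file_list}" ]
    then
        # Remove the files on exit only. HUP/INT/TERM must terminate the
        # script (which then runs the exit trap); if the signal handler
        # merely deleted the files, the script would carry on with the
        # working copy and the lock already gone.
        trap "rm -f --${file_list}" 0
        trap 'exit 1' 1 2 15
    fi
}

tmp_doas="$(mktemp "${WRK_DIR}/doas.conf.XXXXXXXXXX")"
set_trap_rm "${tmp_doas}"

# Check to see if an existing configuration file is installed.
if [ -f "${installed_doas}" ]
then
    if [ -r "${installed_doas}" ]
    then
        cp "${installed_doas}" "${tmp_doas}"
    else
        die "Cannot read ${installed_doas}"
    fi
fi

# Take the edit lock by hard-linking the working copy to a fixed name; ln
# fails if that name already exists, so only one editing session proceeds.
# NOTE(review): WRK_DIR is typically world-writable and the lock name is
# predictable, so any local user can create it and block edits until it
# is removed.
# If the lock path is a directory (or a symlink to one), ln would create
# the link inside it and succeed without excluding anyone, so reject that
# case first. This is a best-effort check, not an atomic one.
if [ -d "${doas_lock_file}" ]
then
    die "${doas_lock_file} is a directory, cannot lock doas.conf"
fi
if ln "${tmp_doas}" "${doas_lock_file}"
then
    set_trap_rm "${tmp_doas}" "${doas_lock_file}"
else
    die "The doas.conf file is already locked"
fi

# The editor's exit status is ignored; the result is judged by doas -C.
"${EDITOR:-vi}" "${tmp_doas}" || true

# Re-edit until the working copy parses. doas -C checks that the file is a
# valid configuration; it does not check that the new rules still permit
# the invoking user to run doas afterwards.
while ! doas -C "${tmp_doas}"
do
    warn "Press enter to edit doas.conf again to fix it,"
    warn "or interrupt ($(get_intr)) to cancel."
    # Only the key press matters; the line that was typed is discarded.
    read -r _reply
    "${EDITOR:-vi}" "${tmp_doas}" || true
done

if [ -s "${tmp_doas}" ]
then
    if cmp -s "${tmp_doas}" "${installed_doas}"
    then
        warn "No changes made"
        warn "${installed_doas} unchanged"
    else
        # The only privileged step: copy the validated file into place.
        if doas -- install -m "${doas_conf_mode}" \
            "${tmp_doas}" "${installed_doas}"
        then
            warn "${installed_doas} updated"
        else
            die "Failed to install ${installed_doas}"
        fi
    fi
else
    # An empty file passes the syntax check but must not be installed.
    warn "Not installing an empty doas.conf file"
    warn "${installed_doas} unchanged"
fi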