#!/bin/sh
#set -x

#. /usr/share/debconf/confmodule

file="$1"

log() {
	logger -t apt-setup "$@"
}
warning() {
	log "warning: $@"
}

TARGET="${1}"
ADMIN="${2}"

#if [ -f $TARGET/var/lib/dpkg/info/astra-extra.postinst ]; then
#chroot $TARGET /var/lib/dpkg/info/astra-extra.postinst configure
#fi

#restrict_file_list="/usr/lib/python2.6/dist-packages/_dbus_glib_bindings.so /usr/lib/python2.6/dist-packages/_dbus_bindings.so /usr/lib/python2.7/dist-packages/_dbus_glib_bindings.so \
#/usr/lib/python2.7/dist-packages/_dbus_bindings.so /usr/lib/python2.6/dist-packages/_dbus_bindings_d.so /usr/lib/python2.6/dist-packages/_dbus_glib_bindings_d.so \
#/usr/lib/python2.7/dist-packages/_dbus_bindings_d.so /usr/lib/python2.7/dist-packages/_dbus_glib_bindings_d.so /usr/lib/python3/dist-packages/_dbus_bindings.cpython-32mu.so \
#/usr/lib/python3/dist-packages/_dbus_glib_bindings.cpython-32mu.so /usr/lib/python3/dist-packages/_dbus_bindings.cpython-32dmu.so \
#/usr/lib/python3/dist-packages/_dbus_glib_bindings.cpython-32dmu.so /usr/lib/python2.6/dist-packages/PyQt4/QtDBus.so /usr/lib/python2.7/dist-packages/PyQt4/QtDBus.so \
#/usr/lib/python2.6/dist-packages/PyQt4/QtDBus_d.so /usr/lib/python2.7/dist-packages/PyQt4/QtDBus_d.so /usr/lib/python2.6/dist-packages/dbus/mainloop/qt.so \
#/usr/lib/python2.7/dist-packages/dbus/mainloop/qt.so /usr/lib/python2.6/dist-packages/dbus/mainloop/qt_d.so /usr/lib/python2.7/dist-packages/dbus/mainloop/qt_d.so \
#/usr/lib/python3/dist-packages/PyQt4/QtDBus.cpython-32mu.so /usr/lib/python3/dist-packages/PyQt4/QtDBus.cpython-32dmu.so /usr/lib/python3/dist-packages/dbus/mainloop/qt.cpython-32mu.so \
#/usr/lib/python3/dist-packages/dbus/mainloop/qt.cpython-32dmu.so /usr/lib/python2.7/dist-packages/PyQt5/QtDBus.so /usr/lib/python2.7/dist-packages/PyQt5/QtDBus_d.so \
#/usr/lib/python2.7/dist-packages/dbus/mainloop/pyqt5.so /usr/lib/python2.7/dist-packages/dbus/mainloop/pyqt5_d.so /usr/lib/python3/dist-packages/PyQt5/QtDBus.cpython-32mu.so \
#/usr/lib/python3/dist-packages/PyQt5/QtDBus.cpython-32dmu.so /usr/lib/python3/dist-packages/dbus/mainloop/pyqt5.cpython-32mu.so \
#/usr/lib/python3/dist-packages/dbus/mainloop/pyqt5.cpython-32dmu.so"

#restrict_file_list="/usr/lib/python2.7/lib-dynload/_ctypes.x86_64-linux-gnu.so /usr/lib/python2.7/lib-dynload/_ctypes_test.x86_64-linux-gnu.so \ 
#/usr/lib/python3.5/lib-dynload/_ctypes.cpython-35m-x86_64-linux-gnu.so /usr/lib/python3.5/lib-dynload/_ctypes_test.cpython-35m-x86_64-linux-gnu.so "

restrict_file_list=""

#disable_services="mysql-ndb-mgm mysql-ndb mysql exim4 freeradius ejabberd nfs-kernel-server samba dovecot squid apache2 ipx bind9 ntp postgresql-8.4 dhcp3-server nfs-common openvpn pppd-dns pptpd snmpd slpd vsftpd rsync isc-dhcp-server openbsd-inetd"

disable_services="apache2.service bind9.service exim4 dovecot.service ejabberd.service nfs-client.target ntp nfs-server.service nmbd.service smbd.service snmpd.service pppd-dns.service ssh.service vsftpd.service winbind.service bluetooth.service openvpn.service sssd.service systemd-timesyncd.service"

#for cur_serv in ${disable_services}; do
#	for rcdir in ${TARGET}/etc/rc0.d ${TARGET}/etc/rc1.d ${TARGET}/etc/rc2.d ${TARGET}/etc/rc3.d ${TARGET}/etc/rc4.d ${TARGET}/etc/rc5.d ${TARGET}/etc/rc6.d ${TARGET}/etc/rcS.d; do
#		find $rcdir -name [SK][0-9][0-9]${cur_serv} -exec rm -f {} \;
#	done
#done

#mount -o bind /dev ${TARGET}/dev
#mount -o bind /proc ${TARGET}/proc
#mount -o bind /sys ${TARGET}/sys

for cur_serv in ${disable_services}; do
	    chroot ${TARGET} systemctl disable $cur_serv 
done

if [ -e ${TARGET}/usr/bin/X ]; then
    if [ `lspci | grep VGA | grep -i " ati " | wc -l` -gt 0 ] ;then 
	echo ATI
	if [ -e ${TARGET}/usr/bin/aticonfig ]; then
#	    mount -o bind /proc ${TARGET}/proc
	    chroot ${TARGET} aticonfig --initial -f
#	    umount ${TARGET}/proc
	fi
    fi
fi
if [ -e ${TARGET}/usr/bin/X ]; then
    if [ `lspci | grep VGA | grep -i "nvidia" | wc -l` -gt 0 ] ;then
	echo NVIDIA
	if [ -e ${TARGET}/usr/bin/nvidia-xconfig ]; then
	    chroot ${TARGET} nvidia-xconfig
	fi
    fi
fi

#new='/tmp/new'
#>$new
#IFS=$'
#'
#for i in `cat ${TARGET}/etc/fstab`
#do
#	    f=`echo "$i" | cut -f 1 | cut -f 1 -d ' '`
#	    echo $f
#	    if [ -L "$f" ]
#	    then
#	        real=`readlink -f $f`
#	        echo "$i" | sed "s|$f|$real|" >> $new
#	    else
#	       echo "$i" >> $new
#	    fi
#done
#cat $new > ${TARGET}/etc/fstab

#chroot ${TARGET} polkit-action --set-defaults-active org.freedesktop.hal.storage.mount-fixed yes

if [ -f ${TARGET}/usr/bin/ntfs-3g ]; then
    ln -sf /usr/bin/ntfs-3g  ${TARGET}/sbin/mount.ntfs
fi

if [ -f ${TARGET}/bin/bash ]; then
    ln -sf /bin/bash ${TARGET}/bin/sh
fi

# setting grub2 params
# Also edit /etc/default/grub
if [ -f ${TARGET}/etc/default/grub ]; then
#	sed 's/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\"/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\ splash\ net\.ifnames\=0"/g' ${TARGET}/etc/default/grub > ./newgrub
#	sed 's/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\"/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\ net\.ifnames\=0\ fsck\.mode\=skip"/g' ${TARGET}/etc/default/grub > ./newgrub
#	sed 's/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\"/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\ net\.ifnames\=0"/g' ${TARGET}/etc/default/grub > ./newgrub
	mv -f ./newgrub ${TARGET}/etc/default/grub
	sed 's/\#GRUB\_GFXMODE\=640x480/GRUB\_GFXMODE\=1024x768/g' ${TARGET}/etc/default/grub > ./newgrub
	mv -f ./newgrub ${TARGET}/etc/default/grub
	sed -i 's/GRUB_CMDLINE_LINUX_HARDENED=.*/GRUB_CMDLINE_LINUX_HARDENED=\"slub_debug=P page_poison=1 slab_nomerge pti=on user.max_user_namespaces=0 kernel.kptr_restrict=1 vsyscall=none\"/g' ${TARGET}/etc/default/grub
#	echo "uvesafb" >> ${TARGET}/etc/initramfs-tools/modules
#	echo "drm" >> ${TARGET}/etc/initramfs-tools/modules
#	if [ `lspci | grep VGA | grep "ATI" | wc -l` -gt 0 ] ; then
#		echo ATI
#		echo "radeon modeset=1" >> ${TARGET}/etc/initramfs-tools/modules
#	fi
#	if [ `lspci | grep VGA | grep -i "nvidia" | wc -l` -gt 0 ] ; then
#		echo NVIDIA
#		echo "nouveau modeset=1" >> ${TARGET}/etc/initramfs-tools/modules
#	fi
#	if [ `lspci | grep VGA | grep -i "Intel" | wc -l` -gt 0 ]; then
#		echo Intel
#		echo "i915 modeset=1" >> ${TARGET}/etc/initramfs-tools/modules
#	fi
	echo FRAMEBUFFER=y >> ${TARGET}/etc/initramfs-tools/conf.d/splash
	if [ -f ${TARGET}/etc/grub.d/07_password ]; then
		cat ${TARGET}/etc/grub.d/07_password | sed -e "s/\r//g" > ${TARGET}/etc/grub.d/07_password_
		mv -f ${TARGET}/etc/grub.d/07_password_ ${TARGET}/etc/grub.d/07_password
		chmod +x ${TARGET}/etc/grub.d/07_password
	fi
#	chroot ${TARGET} mount /proc
#	chroot ${TARGET} mount /sys
#	chroot ${TARGET} mount /dev/pts
# Disable submenu
#	echo "GRUB_DISABLE_SUBMENU=y" >> ${TARGET}/etc/default/grub
#	chroot ${TARGET} /usr/sbin/update-grub
# Set correct kernel to boot
#	cat ${TARGET}/etc/default/grub | sed -e 's/GRUB_DEFAULT=/#GRUB_DEFAULT=/g' > ${TARGET}/etc/default/grub_
#	mv -f ${TARGET}/etc/default/grub_ ${TARGET}/etc/default/grub
#	kern_ver=`uname -r`
#	cat ${TARGET}/boot/grub/grub.cfg | grep "menuentry '" | grep ${kern_ver} | grep -v "recovery mode" | cut -d"'" -f4 > /string_id
#	for i in `cat /string_id`; do
#		echo "GRUB_DEFAULT=${i}" >> ${TARGET}/etc/default/grub
#		break
#	done
#	rm -f /string_id

# update initramfs for plymouth splash
# do it later	chroot ${TARGET} /usr/sbin/update-grub
# do it later	chroot ${TARGET} /usr/sbin/update-initramfs -u -k all
fi

# grub2 EFI fix
#mount_point_efi=`find ${TARGET} -type f -name grubx64.efi | grep "EFI" | sed -e 's/EFI.*//g'`
#if [ $mount_point_efi ]; then
#	astra_efi=`ls $mount_point_efi/EFI | grep -i astra`
#	if [ ! -d $mount_point_efi/EFI/Boot ]; then
#		mkdir -p $mount_point_efi/EFI/Boot
#		cp $mount_point_efi/EFI/${astra_efi}/grubx64.efi $mount_point_efi/EFI/Boot/bootx64.efi
#	else
#		if [ -f $mount_point_efi/EFI/Boot/bootx64.efi ]; then
#			mv -f $mount_point_efi/EFI/Boot/bootx64.efi $mount_point_efi/EFI/Boot/bootx64.efi_old
#			cp $mount_point_efi/EFI/${astra_efi}/grubx64.efi $mount_point_efi/EFI/Boot/bootx64.efi
#		else
#			cp $mount_point_efi/EFI/${astra_efi}/grubx64.efi $mount_point_efi/EFI/Boot/bootx64.efi
#		fi
#	fi
#fi

#	chroot ${TARGET} /usr/sbin/update-grub

# grub2 EFI fix for Z37xx
#tablet_z37xx=`cat /var/log/syslog | grep "CPU" | grep "Z37"`
#if [ "`mount | grep "boot/efi"`" != "" ]; then
#install_32bit=`debconf-get astra-additional-setup/additional-settings | grep "Install 32-bit bootloader"`
#fi
#if [ "${tablet_z37xx}" != "" ] || [ "$install_32bit" != "" ]; then
#	if [ -d ${TARGET}/opt/baytrail ]; then
#		cp -rf ${TARGET}/etc/default/grub ${TARGET}/etc/default/grub-orig
#		chroot ${TARGET} /usr/bin/dpkg -P grub-efi
#		chroot ${TARGET} /usr/bin/dpkg -P grub-efi-amd64
#		chroot ${TARGET} /usr/bin/dpkg -P grub-efi-amd64-bin
#		echo "ucf	ucf/changeprompt_threeway	select	install_new" > ${TARGET}/opt/grub_selections
#		echo "ucf	ucf/changeprompt	select	install_new" >> ${TARGET}/opt/grub_selections
#
#		chroot ${TARGET} /usr/bin/debconf-set-selections /opt/grub_selections
#		if [ -f ${TARGET}/opt/grub_selections ]; then
#			rm ${TARGET}/opt/grub_selections
#		fi
#		mv -f ${TARGET}/etc/default/grub-orig ${TARGET}/etc/default/grub
#		for i in `ls ${TARGET}/opt/baytrail`
#			do
#			if [ "$tablet_z37" != "" ]; then
#				chroot ${TARGET} /usr/bin/dpkg -i /opt/baytrail/$i
#			else
#				if [ `echo $i | grep "grub"` ]; then
#					chroot ${TARGET} /usr/bin/dpkg -i /opt/baytrail/$i
#				fi
#			fi
#			done
#	fi
#	in-target sh -c "debconf-apt-progress --no-progress --logstderr -- \
#		apt-get -f -y install"
#
#		hardware_name=`cat /var/log/syslog | grep "DMI" | grep "ASUS"`
#		if [ "${hardware_name}" != "" ]; then
#			if  [ -f ${TARGET}/etc/default/grub ]; then
#				if [ -z "`cat ${TARGET}/etc/default/grub | grep "i915.force_backlight_pmic=1"`" ]; then
#					sed -i -e 's/GRUB_CMDLINE_LINUX=\"reboot=pci\,force /GRUB_CMDLINE_LINUX=\"reboot=pci\,force i915.force_backlight_pmic=1 /g' ${TARGET}/etc/default/grub
#				fi
#			fi
#			chroot ${TARGET} /usr/sbin/update-grub
#		fi
#fi
#if [ -d ${TARGET}/opt/baytrail ]; then
#		chroot ${TARGET} /usr/bin/dpkg -P baytrail-install
#fi

# Little dirty hack to setupcon
if [ -f ${TARGET}/bin/setupcon ]; then
	cat ${TARGET}/bin/setupcon | sed -e 's/there\.\ >\&2/there\.\ > \/dev\/null/g' > ${TARGET}/bin/setupcon_
	chmod +x ${TARGET}/bin/setupcon_
	mv -f ${TARGET}/bin/setupcon_ ${TARGET}/bin/setupcon
fi

if [ -f ${TARGET}/etc/adduser.conf ]; then
    cat ${TARGET}/etc/adduser.conf | sed -e 's/EXTRA_GROUPS=\"fuse\ weston-launch\ /EXTRA_GROUPS=\"fuse\ /g' > ${TARGET}/etc/adduser.conf_
    mv -f ${TARGET}/etc/adduser.conf_ ${TARGET}/etc/adduser.conf
fi

# говорим, что время в биосе не UTC, а местное, чтобы не двигалось на 4 часа вперед
#if [ -f ${TARGET}/etc/adjtime ]; then
#	cat ${TARGET}/etc/adjtime | sed -e 's/UTC/LOCAL/g' > ${TARGET}/etc/adjtime_
#	mv -f ${TARGET}/etc/adjtime_ ${TARGET}/etc/adjtime
#	chroot ${TARGET} /sbin/hwclock --localtime --hctosys --debug
#else
#	chroot ${TARGET} /sbin/hwclock --adjust
#	cat ${TARGET}/etc/adjtime | sed -e 's/UTC/LOCAL/g' > ${TARGET}/etc/adjtime_
#	mv -f ${TARGET}/etc/adjtime_ ${TARGET}/etc/adjtime
#	chroot ${TARGET} /sbin/hwclock --localtime --hctosys --debug
#fi

#if [ -f ${TARGET}/usr/share/kde4/config/kdeglobals ]; then
#	echo "[General]" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "desktopFont=Verdana,10,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "fixed=Terminus,11,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "font=Verdana,10,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "menuFont=Verdana,10,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "smallestReadableFont=Verdana,10,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "taskbarFont=Verdana,10,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "toolBarFont=Verdana,10,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "[WM]" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "activeFont=Verdana,10,-1,5,75,1,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#fi

if [ -f ${TARGET}/null ]; then
    rm -f ${TARGET}/null
fi

##### No need any more, ubuntu kmod include this

### Fix pcspkr & evbug
#mkdir -p ${TARGET}/etc/modules-load.d/
#mkdir -p ${TARGET}/etc/modprobe.d/
#echo "# evbug is a debug tool that should be loaded explicitly" >> ${TARGET}/etc/modules-load.d/blacklist.conf
#echo "evbug" >> ${TARGET}/etc/modules-load.d/blacklist.conf
#echo "# evbug is a debug tool that should be loaded explicitly" >> ${TARGET}/etc/modprobe.d/blacklist.conf
#echo "blacklist evbug" >> ${TARGET}/etc/modprobe.d/blacklist.conf
#echo -e "\n# disable PC speaker" >> ${TARGET}/etc/modprobe.d/blacklist.conf
#echo "blacklist pcspkr" >> ${TARGET}/etc/modprobe.d/blacklist.conf
#echo "blacklist snd_pcsp" >> ${TARGET}/etc/modprobe.d/blacklist.conf
#echo "blacklist radeonfb" >> ${TARGET}/etc/modprobe.d/blacklist.conf
#echo -e "\n# disable PC speaker" >> ${TARGET}/etc/modules-load.d/blacklist.conf
#echo "pcspkr" >> ${TARGET}/etc/modules-load.d/blacklist.conf
#echo "snd_pcsp" >> ${TARGET}/etc/modules-load.d/blacklist.conf
#echo "radeonfb" >> ${TARGET}/etc/modules-load.d/blacklist.conf

# создание группы astra-admin
chroot ${TARGET} /usr/sbin/groupadd astra-admin
chroot ${TARGET} /usr/sbin/addgroup --gid 333 astra-console

# переносим из группы sudo в группу astra-admin
chroot ${TARGET} /usr/sbin/adduser ${ADMIN} astra-admin
chroot ${TARGET} /usr/sbin/adduser ${ADMIN} weston-launch
chroot ${TARGET} /usr/sbin/adduser ${ADMIN} lpadmin
chroot ${TARGET} /usr/sbin/deluser ${ADMIN} sudo
chroot ${TARGET} /usr/sbin/adduser ${ADMIN} astra-console

# добавляем пользователя в группы по-умолчанию
chroot ${TARGET} /usr/sbin/adduser ${ADMIN} cdrom
chroot ${TARGET} /usr/sbin/adduser ${ADMIN} floppy
chroot ${TARGET} /usr/sbin/adduser ${ADMIN} audio
chroot ${TARGET} /usr/sbin/adduser ${ADMIN} dip
chroot ${TARGET} /usr/sbin/adduser ${ADMIN} video
chroot ${TARGET} /usr/sbin/adduser ${ADMIN} plugdev
chroot ${TARGET} /usr/sbin/adduser ${ADMIN} netdev
chroot ${TARGET} /usr/sbin/adduser ${ADMIN} scanner

# добавляем группу astra-admin в файл sudoers
echo "%astra-admin	ALL=(ALL:ALL) NOPASSWD: ALL" >> ${TARGET}/etc/sudoers

# reset faillog for admin
if [ -f ${TARGET}/usr/bin/faillog ]; then
	chroot ${TARGET} /usr/bin/faillog -u ${ADMIN} -m 0
fi

################# Mandatory Integrity Control
if [ -d ${TARGET}/etc/parsec/micdb ]; then
    echo "${ADMIN}:3f" > ${TARGET}/etc/parsec/micdb/1000
    chmod 0640 ${TARGET}/etc/parsec/micdb/1000
    chown 0.1000 ${TARGET}/etc/parsec/micdb/1000
#sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT=\"/GRUB_CMDLINE_LINUX_DEFAULT=\"parsec.max_ilev=63 /g'  ${TARGET}/etc/default/grub
fi
################


# Запуск скпипта при первом старте системы
### disable cat << EOF > ${TARGET}/etc/rc.local
### disable #!/bin/sh -e
### disable #
### disable # rc.local
### disable #
### disable # This script is executed at the end of each multiuser runlevel.
### disable # Make sure that the script will "exit 0" on success or any other
### disable # value on error.
### disable #
### disable # In order to enable or disable this script just change the execution
### disable # bits.
### disable #
### disable # By default this script does nothing.
### disable 
### disable FLAG="/var/log/firstboot.log"
### disable if [ ! -f \$FLAG ]; then
### disable #Put here your initialization sentences
### disable 	echo "This is the first boot"
### disable #the next line creates an empty file so it won't run the next boot
### disable 	touch \$FLAG
### disable else
### disable 	echo "Do nothing"
### disable fi
### disable 
### disable exit 0
### disable 
### disable EOF
### disable 
### disable chmod +x ${TARGET}/etc/rc.local

# Disable ipv6
#echo "net.ipv6.conf.all.disable_ipv6 = 1" >> ${TARGET}/etc/sysctl.conf

if [ -f ${TARGET}/usr/share/applications/nautilus.desktop ]; then
    sed -i 's|OnlyShowIn.*||g'  ${TARGET}/usr/share/applications/nautilus.desktop
fi

if [ -f ${TARGET}/etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf ]; then
    sed -i 's|sudo|astra-admin|g'  ${TARGET}/etc/polkit-1/localauthority.conf.d/51-debian-sudo.conf
fi

if [ -f /live ]; then
    mount -o bind /run ${TARGET}/run
fi

# Disable automatic network configuration
#if debconf-get tasksel/first | grep -q Fly; then
#if debconf-get astra-additional-setup/additional-settings | grep -q 'Disable automatic network configuration'; then
#	chroot ${TARGET} /sbin/chkconfig --del wicd
#	chroot ${TARGET} /bin/systemctl mask network-manager.service
#	chroot ${TARGET} /bin/systemctl mask NetworkManager.service
#	chroot ${TARGET} /bin/systemctl mask NetworkManager-wait-online.service
#	chroot ${TARGET} /bin/systemctl mask connman.service
#	chroot ${TARGET} /bin/systemctl mask connman-wait-online.service
#	if [ -f ${TARGET}/etc/xdg/autostart/nm-applet.desktop ]; then
#		rm ${TARGET}/etc/xdg/autostart/nm-applet.desktop
#	fi
#fi
#else
#	if debconf-get astra-additional-setup/automatic-network-disable | grep -q 'Disable automatic network configuration'; then
#		chroot ${TARGET} /sbin/chkconfig --del wicd
#		chroot ${TARGET} /bin/systemctl mask network-manager.service
#		chroot ${TARGET} /bin/systemctl mask NetworkManager.service
#		chroot ${TARGET} /bin/systemctl mask NetworkManager-wait-online.service
#		chroot ${TARGET} /bin/systemctl mask connman.service
#		chroot ${TARGET} /bin/systemctl mask connman-wait-online.service
#		if [ -f ${TARGET}/etc/xdg/autostart/nm-applet.desktop ]; then
#			rm ${TARGET}/etc/xdg/autostart/nm-applet.desktop
#		fi
#	fi
#fi

# SZI addition setup begin
#if debconf-get astra-additional-setup/additional-settings | grep -q 'Enable ELF signature check'; then
#	sed -i 's/DIGSIG_LOAD_KEYS=0/DIGSIG_LOAD_KEYS=1/g' ${TARGET}/etc/digsig/digsig_initramfs.conf
#	sed -i 's/DIGSIG_ENFORCE=0/DIGSIG_ENFORCE=1/g' ${TARGET}/etc/digsig/digsig_initramfs.conf
#	sed -i 's/DIGSIG_ELF_MODE=0/DIGSIG_ELF_MODE=1/g' ${TARGET}/etc/digsig/digsig_initramfs.conf
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Disable non-execution bit setup'; then
#	echo "1" > ${TARGET}/etc/parsec/nochmodx
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Use kernel with PaX'; then
#	cat ${TARGET}/boot/grub/grub.cfg | grep "menuentry '" | grep "pax" | grep -v "recovery mode" | cut -d"'" -f4 > /string_id
#	sed -i 's/GRUB_DEFAULT=.*//g' ${TARGET}/etc/default/grub
#	for i in `cat /string_id`; do
#		echo "GRUB_DEFAULT=${i}" >> ${TARGET}/etc/default/grub
#		break
#	done
#	rm -f /string_id
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Use Hardened kernel'; then
#	cat ${TARGET}/boot/grub/grub.cfg | grep "menuentry '" | grep "hardened" | grep -v "recovery mode" | cut -d"'" -f4 > /string_id
#	sed -i 's/GRUB_DEFAULT=.*//g' ${TARGET}/etc/default/grub
#	for i in `cat /string_id`; do
#		echo "GRUB_DEFAULT=${i}" >> ${TARGET}/etc/default/grub
#		break
#	done
#	rm -f /string_id
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Disable bootloader menu show up'; then
#	echo "GRUB_HIDDEN_TIMEOUT=0" >> ${TARGET}/etc/default/grub
#	sed -i 's/GRUB_TIMEOUT=.*/GRUB_TIMEOUT=0/g' ${TARGET}/etc/default/grub
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Enable swap cleanup'; then
#	sed -i 's/ENABLED=N/ENABLED=Y/g' ${TARGET}/etc/parsec/swap_wiper.conf
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Enable console lock'; then
#	chroot ${TARGET} /usr/sbin/astra-console-lock enable
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Enable interpreters lock'; then
#	chroot ${TARGET} /usr/sbin/astra-interpreters-lock enable
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Enable macros lock'; then
#	chroot ${TARGET} /usr/sbin/astra-macros-lock enable
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Disable simultaneous graphics sessions'; then
#	chroot ${TARGET} /usr/sbin/astra-sumac-lock enable
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Enable ufw firewall'; then
#	chroot ${TARGET} /usr/sbin/astra-ufw-control enable
#	sed -i "s/.*ENABLED.*/ENABLED=yes/g" ${TARGET}/etc/ufw/ufw.conf
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Enable system limits'; then
#	chroot ${TARGET} /usr/sbin/astra-ulimits-control enable
#else
#	chroot ${TARGET} /usr/sbin/astra-ulimits-control disable
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Disable ptrace capability'; then
#	chroot ${TARGET} /usr/sbin/astra-ptrace-lock enable
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Enable Mandatory Integrity Control'; then
#	sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT=\"/GRUB_CMDLINE_LINUX_DEFAULT=\"parsec.max_ilev=63 /g'  ${TARGET}/etc/default/grub
#	chroot ${TARGET} /usr/lib/parsec/setup/set-fs-ilev-di
#fi

#if debconf-get astra-additional-setup/additional-settings | grep -q 'Enable freeing regions cleanup on EXT-partitions'; then
#cat > ${TARGET}/enable_secdel << EOF
#IFS=$'
#'
#> /etc/fstab_new
#	for i in \`cat /etc/fstab\`; do
#	    ext_string=\`echo \${i} | grep ext | awk '{print \$3}' | grep ext\`
#	    if [ "\${ext_string}" != "" ]; then
#		echo \${i} | awk '{print \$1"\t"\$2"\t"\$3"\t"\$4",secdel\t"\$5"\t"\$6}' >> /etc/fstab_new
#	    else
#		echo "\${i}" >> /etc/fstab_new
#	    fi
#	    ext_string=""
#	done
#	mv -f /etc/fstab_new /etc/fstab
#	chmod 644 /etc/fstab
#EOF
#chmod 777 ${TARGET}/enable_secdel
#chroot ${TARGET} /enable_secdel
#rm -f  ${TARGET}/enable_secdel
#fi
# SZI addition setup end

# Setting rights restrictions on several files
#IFS=' '
#for i in ${restrict_file_list}; do
#	chroot ${TARGET} /usr/bin/dpkg-statoverride --update --add root root 0640 ${i}
#done

chroot ${TARGET} /usr/bin/dpkg-statoverride --force --update --add root crontab 755 /usr/bin/crontab

# update initramfs
#mount -o bind /proc ${TARGET}/proc
#chroot ${TARGET} /usr/sbin/update-grub
#chroot ${TARGET} /usr/sbin/update-initramfs -u -k all
#chroot ${TARGET} /usr/sbin/parsec_pam del
#umount ${TARGET}/proc
#disable szi:
#rm -rf ${TARGET}/lib/modules/*/misc; chroot ${TARGET} /sbin/depmod -a; chroot ${TARGET} /usr/sbin/parsec_pam del; chroot ${TARGET} /usr/sbin/update-initramfs -u -k all

sed -i 's/#HandlePowerKey=poweroff/HandlePowerKey=ignore/g'  ${TARGET}/etc/systemd/logind.conf
echo "NotShowIn=fly-mobile" >>  ${TARGET}/etc/xdg/autostart/qasmixer.desktop
#echo "" >>  ${TARGET}/etc/xdg/autostart/fly-update-notifier.desktop
#echo -e "\nNotShowIn=fly-mobile" >>  ${TARGET}/etc/xdg/autostart/fly-update-notifier.desktop

if [ -f ${TARGET}/lib/systemd/system/NetworkManager.service ]; then
    sed -i '/ExecStart=.*/i ExecStartPre=\/bin\/rm -f \/etc\/resolv\.conf' ${TARGET}/lib/systemd/system/NetworkManager.service
fi

#sed -e "s/^\* hard fsize 50000000.*/#\* hard fsize 50000000/" -i ${TARGET}/etc/security/limits.conf
#sed -e "s/^\* soft fsize 25000000.*/#\* soft fsize 25000000/" -i ${TARGET}/etc/security/limits.conf
#sed -e "s/^\* hard nofile 4096.*/#\* hard nofile 4096/" -i ${TARGET}/etc/security/limits.conf
#sed -e "s/^\* soft nofile 2048.*/#\* soft nofile 2048/" -i ${TARGET}/etc/security/limits.conf
#sed -e "s/^\* hard nproc 2000.*/#\* hard nproc 2000/" -i ${TARGET}/etc/security/limits.conf
#sed -e "s/^\* soft nproc 1000.*/#\* soft nproc 1000/" -i ${TARGET}/etc/security/limits.conf

if [ -d ${TARGET}/etc/gtk-2.0 ]; then
    echo "gtk-font-name=\"Verdana 10\" " >> ${TARGET}/etc/gtk-2.0/gtkrc
fi

# umount here mounted above
#umount ${TARGET}/proc
#umount ${TARGET}/sys
#umount ${TARGET}/dev/pts

# Last commant thru preseed
#preseed_command preseed/late_command
