#!/bin/sh
#set -x

#. /usr/share/debconf/confmodule

file="$1"

log() {
	logger -t apt-setup "$@"
}
warning() {
	log "warning: $@"
}

TARGET="${1}"
ADMIN="${2}"

#if [ -f $TARGET/var/lib/dpkg/info/astra-extra.postinst ]; then
#chroot $TARGET /var/lib/dpkg/info/astra-extra.postinst configure
#fi

#restrict_file_list="/usr/lib/python2.6/dist-packages/_dbus_glib_bindings.so /usr/lib/python2.6/dist-packages/_dbus_bindings.so /usr/lib/python2.7/dist-packages/_dbus_glib_bindings.so \
#/usr/lib/python2.7/dist-packages/_dbus_bindings.so /usr/lib/python2.6/dist-packages/_dbus_bindings_d.so /usr/lib/python2.6/dist-packages/_dbus_glib_bindings_d.so \
#/usr/lib/python2.7/dist-packages/_dbus_bindings_d.so /usr/lib/python2.7/dist-packages/_dbus_glib_bindings_d.so /usr/lib/python3/dist-packages/_dbus_bindings.cpython-32mu.so \
#/usr/lib/python3/dist-packages/_dbus_glib_bindings.cpython-32mu.so /usr/lib/python3/dist-packages/_dbus_bindings.cpython-32dmu.so \
#/usr/lib/python3/dist-packages/_dbus_glib_bindings.cpython-32dmu.so /usr/lib/python2.6/dist-packages/PyQt4/QtDBus.so /usr/lib/python2.7/dist-packages/PyQt4/QtDBus.so \
#/usr/lib/python2.6/dist-packages/PyQt4/QtDBus_d.so /usr/lib/python2.7/dist-packages/PyQt4/QtDBus_d.so /usr/lib/python2.6/dist-packages/dbus/mainloop/qt.so \
#/usr/lib/python2.7/dist-packages/dbus/mainloop/qt.so /usr/lib/python2.6/dist-packages/dbus/mainloop/qt_d.so /usr/lib/python2.7/dist-packages/dbus/mainloop/qt_d.so \
#/usr/lib/python3/dist-packages/PyQt4/QtDBus.cpython-32mu.so /usr/lib/python3/dist-packages/PyQt4/QtDBus.cpython-32dmu.so /usr/lib/python3/dist-packages/dbus/mainloop/qt.cpython-32mu.so \
#/usr/lib/python3/dist-packages/dbus/mainloop/qt.cpython-32dmu.so /usr/lib/python2.7/dist-packages/PyQt5/QtDBus.so /usr/lib/python2.7/dist-packages/PyQt5/QtDBus_d.so \
#/usr/lib/python2.7/dist-packages/dbus/mainloop/pyqt5.so /usr/lib/python2.7/dist-packages/dbus/mainloop/pyqt5_d.so /usr/lib/python3/dist-packages/PyQt5/QtDBus.cpython-32mu.so \
#/usr/lib/python3/dist-packages/PyQt5/QtDBus.cpython-32dmu.so /usr/lib/python3/dist-packages/dbus/mainloop/pyqt5.cpython-32mu.so \
#/usr/lib/python3/dist-packages/dbus/mainloop/pyqt5.cpython-32dmu.so"

#restrict_file_list="/usr/lib/python2.7/lib-dynload/_ctypes.x86_64-linux-gnu.so /usr/lib/python2.7/lib-dynload/_ctypes_test.x86_64-linux-gnu.so \
#/usr/lib/python3.5/lib-dynload/_ctypes.cpython-35m-x86_64-linux-gnu.so /usr/lib/python3.5/lib-dynload/_ctypes_test.cpython-35m-x86_64-linux-gnu.so "

restrict_file_list=""

#disable_services="mysql-ndb-mgm mysql-ndb mysql exim4 freeradius ejabberd nfs-kernel-server samba dovecot squid apache2 ipx bind9 ntp postgresql-8.4 dhcp3-server nfs-common openvpn pppd-dns pptpd snmpd slpd vsftpd rsync isc-dhcp-server openbsd-inetd"

disable_services="apache2.service bind9.service exim4 dovecot.service ejabberd.service nfs-client.target ntp nfs-server.service nmbd.service smbd.service snmpd.service pppd-dns.service ssh.service vsftpd.service winbind.service bluetooth.service openvpn.service sssd.service firewalld.service systemd-timesyncd.service"

#for cur_serv in ${disable_services}; do
#	for rcdir in ${TARGET}/etc/rc0.d ${TARGET}/etc/rc1.d ${TARGET}/etc/rc2.d ${TARGET}/etc/rc3.d ${TARGET}/etc/rc4.d ${TARGET}/etc/rc5.d ${TARGET}/etc/rc6.d ${TARGET}/etc/rcS.d; do
#		find $rcdir -name [SK][0-9][0-9]${cur_serv} -exec rm -f {} \;
#	done
#done

#mount -o bind /dev ${TARGET}/dev
#mount -o bind /proc ${TARGET}/proc
#mount -o bind /sys ${TARGET}/sys

for cur_serv in ${disable_services}; do
	    chroot ${TARGET} systemctl disable $cur_serv
done

if [ -e ${TARGET}/usr/bin/X ]; then
    if [ `lspci | grep VGA | grep -i " ati " | wc -l` -gt 0 ] ;then
	echo ATI
	if [ -e ${TARGET}/usr/bin/aticonfig ]; then
#	    mount -o bind /proc ${TARGET}/proc
	    chroot ${TARGET} aticonfig --initial -f
#	    umount ${TARGET}/proc
	fi
    fi
fi
if [ -e ${TARGET}/usr/bin/X ]; then
    if [ `lspci | grep VGA | grep -i "nvidia" | wc -l` -gt 0 ] ;then
	echo NVIDIA
	if [ -e ${TARGET}/usr/bin/nvidia-xconfig ]; then
	    chroot ${TARGET} nvidia-xconfig
	fi
    fi
fi

#new='/tmp/new'
#>$new
#IFS=$'
#'
#for i in `cat ${TARGET}/etc/fstab`
#do
#	    f=`echo "$i" | cut -f 1 | cut -f 1 -d ' '`
#	    echo $f
#	    if [ -L "$f" ]
#	    then
#	        real=`readlink -f $f`
#	        echo "$i" | sed "s|$f|$real|" >> $new
#	    else
#	       echo "$i" >> $new
#	    fi
#done
#cat $new > ${TARGET}/etc/fstab

#chroot ${TARGET} polkit-action --set-defaults-active org.freedesktop.hal.storage.mount-fixed yes

if [ -f ${TARGET}/usr/bin/ntfs-3g ]; then
    ln -sf /usr/bin/ntfs-3g  ${TARGET}/sbin/mount.ntfs
fi

if [ -f ${TARGET}/bin/bash ]; then
    ln -sf /bin/bash ${TARGET}/bin/sh
fi

# Включение splash и настройка фонового изображения для grub.
if [ -f ${TARGET}/usr/sbin/plymouth-set-default-theme ]; then
	echo "exit 0" >> ${TARGET}/usr/sbin/plymouth-set-default-theme
fi
# setting theme and pictures
if [ -f ${TARGET}/usr/share/plymouth/debian-logo.png ]; then
	mv -f ${TARGET}/usr/share/plymouth/debian-logo.png ${TARGET}/usr/share/plymouth/debian-logo_orig.png
	cp ${TARGET}/usr/share/astra-extra/debian-logo.png ${TARGET}/usr/share/plymouth/debian-logo.png
	mv -f ${TARGET}/usr/share/plymouth/themes/fade-in/star.png ${TARGET}/usr/share/plymouth/themes/fade-in/star_orig.png
	cp ${TARGET}/usr/share/astra-extra/star.png ${TARGET}/usr/share/plymouth/themes/fade-in/star.png
	chroot ${TARGET} /usr/sbin/plymouth-set-default-theme -R fade-in
fi

# plymouth fix (switch back to console or DM after showing splash)
if [ -f ${TARGET}/etc/init.d/plymouth ]; then
	sed -e 's/\ --retain-splash//g' ${TARGET}/etc/init.d/plymouth > ${TARGET}/etc/init.d/plymouth_
	mv -f ${TARGET}/etc/init.d/plymouth_ ${TARGET}/etc/init.d/plymouth
	chmod 755 ${TARGET}/etc/init.d/plymouth
fi

# setting grub2 params
# Also edit /etc/default/grub
if [ -f ${TARGET}/etc/default/grub ]; then
#	sed 's/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\"/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\ splash\ net\.ifnames\=0"/g' ${TARGET}/etc/default/grub > ./newgrub
#	sed 's/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\"/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\ net\.ifnames\=0\ fsck\.mode\=skip"/g' ${TARGET}/etc/default/grub > ./newgrub
#	sed 's/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\"/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\ net\.ifnames\=0 systemd.legacy_systemd_cgroup_controller"/g' ${TARGET}/etc/default/grub > ./newgrub
	sed 's/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\"/GRUB\_CMDLINE\_LINUX\_DEFAULT\=\"quiet\ net\.ifnames\=0"/g' ${TARGET}/etc/default/grub > ./newgrub
	mv -f ./newgrub ${TARGET}/etc/default/grub
	sed 's/\#GRUB\_GFXMODE\=640x480/GRUB\_GFXMODE\=1024x768/g' ${TARGET}/etc/default/grub > ./newgrub
	mv -f ./newgrub ${TARGET}/etc/default/grub
	sed -i 's/GRUB_CMDLINE_LINUX_HARDENED=.*/GRUB_CMDLINE_LINUX_HARDENED=\"slub_debug=P page_poison=1 slab_nomerge pti=on user.max_user_namespaces=0 kernel.kptr_restrict=1 vsyscall=none\"/g' ${TARGET}/etc/default/grub
#	echo "uvesafb" >> ${TARGET}/etc/initramfs-tools/modules
#	echo "drm" >> ${TARGET}/etc/initramfs-tools/modules
#	if [ `lspci | grep VGA | grep "ATI" | wc -l` -gt 0 ] ; then
#		echo ATI
#		echo "radeon modeset=1" >> ${TARGET}/etc/initramfs-tools/modules
#	fi
#	if [ `lspci | grep VGA | grep -i "nvidia" | wc -l` -gt 0 ] ; then
#		echo NVIDIA
#		echo "nouveau modeset=1" >> ${TARGET}/etc/initramfs-tools/modules
#	fi
#	if [ `lspci | grep VGA | grep -i "Intel" | wc -l` -gt 0 ]; then
#		echo Intel
#		echo "i915 modeset=1" >> ${TARGET}/etc/initramfs-tools/modules
#	fi
	echo FRAMEBUFFER=y >> ${TARGET}/etc/initramfs-tools/conf.d/splash
	if [ -f ${TARGET}/etc/grub.d/07_password ]; then
		cat ${TARGET}/etc/grub.d/07_password | sed -e "s/\r//g" > ${TARGET}/etc/grub.d/07_password_
		mv -f ${TARGET}/etc/grub.d/07_password_ ${TARGET}/etc/grub.d/07_password
		chmod +x ${TARGET}/etc/grub.d/07_password
	fi
#	chroot ${TARGET} mount /proc
#	chroot ${TARGET} mount /sys
#	chroot ${TARGET} mount /dev/pts
# Disable submenu
	echo "GRUB_DISABLE_SUBMENU=y" >> ${TARGET}/etc/default/grub
#	chroot ${TARGET} /usr/sbin/update-grub
# Set correct kernel to boot
	cat ${TARGET}/etc/default/grub | sed -e 's/GRUB_DEFAULT=/#GRUB_DEFAULT=/g' > ${TARGET}/etc/default/grub_
	mv -f ${TARGET}/etc/default/grub_ ${TARGET}/etc/default/grub
	kern_ver=`uname -r`
	cat ${TARGET}/boot/grub/grub.cfg | grep "menuentry '" | grep ${kern_ver} | grep -v "recovery mode" | cut -d"'" -f4 > /string_id
	for i in `cat /string_id`; do
		echo "GRUB_DEFAULT=${i}" >> ${TARGET}/etc/default/grub
		break
	done
	rm -f /string_id

	# baikal fix BT-34870
	sed -i '/^GRUB_CMDLINE_LINUX_DEFAULT=/s/="\(.*\)"/="\1 xhci_hcd.quirks=128"/' ${TARGET}/etc/default/grub

# update initramfs for plymouth splash
# do it later	chroot ${TARGET} /usr/sbin/update-grub
# do it later	chroot ${TARGET} /usr/sbin/update-initramfs -u -k all
fi

# grub2 EFI fix
mount_point_efi=`find ${TARGET} -type f -name grubx64.efi | grep "EFI" | sed -e 's/EFI.*//g'`
if [ ! $mount_point_efi ]; then
	mount_point_efi=`find ${TARGET} -type f -name grubaa64.efi | grep "EFI" | sed -e 's/EFI.*//g'`
fi
if [ $mount_point_efi ]; then
	astra_efi=`ls $mount_point_efi/EFI | grep -i astra`
	if [ ! $astra_efi ]; then
		debian_efi=`ls $mount_point_efi/EFI | grep -i debian`
		if [ $debian_efi ]; then
			mkdir -p $mount_point_efi/EFI/astralinux
			cp $mount_point_efi/EFI/${debian_efi}/* $mount_point_efi/EFI/astralinux/
			rm -rf $mount_point_efi/EFI/${debian_efi}
		fi
	fi
	astra_efi=`ls $mount_point_efi/EFI | grep -i astra`
	if [ ! -d $mount_point_efi/EFI/Boot ]; then
		mkdir -p $mount_point_efi/EFI/Boot
		if [ -f $mount_point_efi/EFI/${astra_efi}/grubx64.efi ]; then
			cp $mount_point_efi/EFI/${astra_efi}/grubx64.efi $mount_point_efi/EFI/Boot/bootx64.efi
		fi
		if [ -f $mount_point_efi/EFI/${astra_efi}/grubaa64.efi ]; then
			cp $mount_point_efi/EFI/${astra_efi}/grubaa64.efi $mount_point_efi/EFI/Boot/bootaa64.efi
		fi
		# grub2 EFI fix for grub-efi-ia32
		if [ -f $mount_point_efi/EFI/${astra_efi}/grubia32.efi ]; then
			cp $mount_point_efi/EFI/${astra_efi}/grubia32.efi $mount_point_efi/EFI/Boot/bootia32.efi
		fi
	else
		# grub2 EFI fix for grub-efi-ia32
		if [ -f $mount_point_efi/EFI/Boot/bootia32.efi ]; then
			if [ -f $mount_point_efi/EFI/${astra_efi}/grubia32.efi ]; then
				mv -f $mount_point_efi/EFI/Boot/bootia32.efi $mount_point_efi/EFI/Boot/bootia32.efi_old
				cp $mount_point_efi/EFI/${astra_efi}/grubia32.efi $mount_point_efi/EFI/Boot/bootia32.efi
			fi
		else
			if [ -f $mount_point_efi/EFI/${astra_efi}/grubia32.efi ]; then
				cp $mount_point_efi/EFI/${astra_efi}/grubia32.efi $mount_point_efi/EFI/Boot/bootia32.efi
			fi
		fi
		if [ -f $mount_point_efi/EFI/Boot/bootx64.efi ]; then
			mv -f $mount_point_efi/EFI/Boot/bootx64.efi $mount_point_efi/EFI/Boot/bootx64.efi_old
			cp $mount_point_efi/EFI/${astra_efi}/grubx64.efi $mount_point_efi/EFI/Boot/bootx64.efi
		else
			cp $mount_point_efi/EFI/${astra_efi}/grubx64.efi $mount_point_efi/EFI/Boot/bootx64.efi
		fi
		if [ -f $mount_point_efi/EFI/Boot/bootaa64.efi ]; then
			mv -f $mount_point_efi/EFI/Boot/bootaa64.efi $mount_point_efi/EFI/Boot/bootaa64.efi_old
			cp $mount_point_efi/EFI/${astra_efi}/grubaa64.efi $mount_point_efi/EFI/Boot/bootaa64.efi
		else
			cp $mount_point_efi/EFI/${astra_efi}/grubaa64.efi $mount_point_efi/EFI/Boot/bootaa64.efi
		fi
	fi
fi

#	chroot ${TARGET} /usr/sbin/update-grub

# Little dirty hack to setupcon
if [ -f ${TARGET}/bin/setupcon ]; then
	cat ${TARGET}/bin/setupcon | sed -e 's/there\.\ >\&2/there\.\ > \/dev\/null/g' > ${TARGET}/bin/setupcon_
	chmod +x ${TARGET}/bin/setupcon_
	mv -f ${TARGET}/bin/setupcon_ ${TARGET}/bin/setupcon
fi

if [ -f ${TARGET}/etc/adduser.conf ]; then
    cat ${TARGET}/etc/adduser.conf | sed -e 's/#ADD_EXTRA_GROUPS=1/ADD_EXTRA_GROUPS=1/g' > ${TARGET}/etc/adduser.conf_
    mv -f ${TARGET}/etc/adduser.conf_ ${TARGET}/etc/adduser.conf
    cat ${TARGET}/etc/adduser.conf | sed -e 's/#EXTRA_GROUPS=\"/EXTRA_GROUPS=\"fuse\ weston-launch\ /g' > ${TARGET}/etc/adduser.conf_
    mv -f ${TARGET}/etc/adduser.conf_ ${TARGET}/etc/adduser.conf
#    perl -pi -e 's|#ADD_EXTRA_GROUPS=1|ADD_EXTRA_GROUPS=1|' ${TARGET}/etc/adduser.conf
#    perl -pi -e 's|#EXTRA_GROUPS=.*|EXTRA_GROUPS="fuse"|' ${TARGET}/etc/adduser.conf
fi

#	echo "[General]" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "desktopFont=Verdana,10,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "fixed=Terminus,11,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "font=Verdana,10,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "menuFont=Verdana,10,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "smallestReadableFont=Verdana,10,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "taskbarFont=Verdana,10,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "toolBarFont=Verdana,10,-1,5,50,0,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "[WM]" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "activeFont=Verdana,10,-1,5,75,1,0,0,0,0" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#	echo "" >> ${TARGET}/usr/share/kde4/config/kdeglobals
#fi

if [ -f ${TARGET}/null ]; then
    rm -f ${TARGET}/null
fi
if [ -f ${TARGET}/.cache ]; then
    rm -fr ${TARGET}/.cache
fi
if [ -f ${TARGET}/.rcc ]; then
    rm -fr ${TARGET}/.rcc
fi

##### No need any more, ubuntu kmod include this

### Fix pcspkr & evbug
#mkdir -p ${TARGET}/etc/modules-load.d/
#mkdir -p ${TARGET}/etc/modprobe.d/
#echo "# evbug is a debug tool that should be loaded explicitly" >> ${TARGET}/etc/modules-load.d/blacklist.conf
#echo "evbug" >> ${TARGET}/etc/modules-load.d/blacklist.conf
#echo "# evbug is a debug tool that should be loaded explicitly" >> ${TARGET}/etc/modprobe.d/blacklist.conf
#echo "blacklist evbug" >> ${TARGET}/etc/modprobe.d/blacklist.conf
#echo -e "\n# disable PC speaker" >> ${TARGET}/etc/modprobe.d/blacklist.conf
#echo "blacklist pcspkr" >> ${TARGET}/etc/modprobe.d/blacklist.conf
#echo "blacklist snd_pcsp" >> ${TARGET}/etc/modprobe.d/blacklist.conf
#echo "blacklist radeonfb" >> ${TARGET}/etc/modprobe.d/blacklist.conf
#echo -e "\n# disable PC speaker" >> ${TARGET}/etc/modules-load.d/blacklist.conf
#echo "pcspkr" >> ${TARGET}/etc/modules-load.d/blacklist.conf
#echo "snd_pcsp" >> ${TARGET}/etc/modules-load.d/blacklist.conf
#echo "radeonfb" >> ${TARGET}/etc/modules-load.d/blacklist.conf

# reset faillog for admin
if [ -f ${TARGET}/usr/bin/faillog ]; then
	chroot ${TARGET} /usr/bin/faillog -u ${ADMIN} -m 0
fi

################# Mandatory Integrity Control
if [ -d ${TARGET}/etc/parsec/micdb ]; then
    echo "${ADMIN}:3f" > ${TARGET}/etc/parsec/micdb/1000
    chmod 0640 ${TARGET}/etc/parsec/micdb/1000
    chown 0.1000 ${TARGET}/etc/parsec/micdb/1000
fi
#now in addition settings
#sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT=\"/GRUB_CMDLINE_LINUX_DEFAULT=\"parsec.max_ilev=63 /g'  ${TARGET}/etc/default/grub
################



# cracklib fix
###temp delmkdir -p ${TARGET}/var/cache/cracklib
###temp delchroot ${TARGET} /usr/sbin/create-cracklib-dict /usr/share/dict/*
###temp delchroot ${TARGET} /usr/sbin/update-default-wordlist

# Запуск скпипта при первом старте системы
### disable cat << EOF > ${TARGET}/etc/rc.local
### disable #!/bin/sh -e
### disable #
### disable # rc.local
### disable #
### disable # This script is executed at the end of each multiuser runlevel.
### disable # Make sure that the script will "exit 0" on success or any other
### disable # value on error.
### disable #
### disable # In order to enable or disable this script just change the execution
### disable # bits.
### disable #
### disable # By default this script does nothing.
### disable
### disable FLAG="/var/log/firstboot.log"
### disable if [ ! -f \$FLAG ]; then
### disable #Put here your initialization sentences
### disable 	echo "This is the first boot"
### disable #the next line creates an empty file so it won't run the next boot
### disable 	touch \$FLAG
### disable else
### disable 	echo "Do nothing"
### disable fi
### disable
### disable exit 0
### disable
### disable EOF
### disable
### disable chmod +x ${TARGET}/etc/rc.local

# Disable ipv6
#echo "net.ipv6.conf.all.disable_ipv6 = 1" >> ${TARGET}/etc/sysctl.conf

if [ -f ${TARGET}/usr/share/applications/nautilus.desktop ]; then
    sed -i 's|OnlyShowIn.*||g'  ${TARGET}/usr/share/applications/nautilus.desktop
fi

if [ -f /live ]; then
    mount -o bind /run ${TARGET}/run
fi

#os_check=`debconf-get astra-additional-setup/os-check`
#case ${os_check} in
#	"Orel-base")
#	"Base security level Orel")
#		os_mode="-orel"
#		echo "MODE=0" > ${TARGET}/etc/astra_license
#		echo "DESCRIPTION=base(orel)" >> ${TARGET}/etc/astra_license
#		echo "URL=https://astralinux.ru/information/licenses" >> ${TARGET}/etc/astra_license
#		echo 0 > ${TARGET}/etc/parsec/astra_mode
#		chroot ${TARGET} /usr/sbin/astra-modeswitch set 0
#	    ;;
#	"Voronezh-extended")
#	"Advanced security level Voronezh")
#		os_mode="-voronezh"
#		echo "MODE=1" > ${TARGET}/etc/astra_license
#		echo "DESCRIPTION=advanced(voronezh)" >> ${TARGET}/etc/astra_license
#		echo "URL=https://astralinux.ru/information/licenses" >> ${TARGET}/etc/astra_license
#		echo 1 > ${TARGET}/etc/parsec/astra_mode
#		chroot ${TARGET} /usr/sbin/astra-modeswitch set 1
#	    ;;
#	"Smolensk-maximum")
#	"Maximum security level Smolensk")
#		os_mode="-smolensk"
#		echo "MODE=2" > ${TARGET}/etc/astra_license
#		echo "DESCRIPTION=maximum(smolensk)" >> ${TARGET}/etc/astra_license
#		echo "URL=https://astralinux.ru/information/licenses" >> ${TARGET}/etc/astra_license
#		echo 2 > ${TARGET}/etc/parsec/astra_mode
#		chroot ${TARGET} /usr/sbin/astra-modeswitch set 2
#	    ;;
#esac
if [ -f ${TARGET}/usr/bin/genfly-dmconf.post ] && [ -f ${TARGET}/etc/X11/fly-dm/fly-dmrc ]; then
    chroot ${TARGET} /usr/bin/genfly-dmconf.post
fi
### disable in 1.7
# grub2 EFI fix for Z37xx
#tablet_z37xx=`cat /var/log/syslog | grep "CPU" | grep "Z37"`
#if [ "`mount | grep "boot/efi"`" != "" ]; then
#install_32bit=`debconf-get astra-additional-setup/additional-settings${os_mode} | grep "Install 32-bit bootloader"`
#fi
#if [ "${tablet_z37xx}" != "" ] || [ "$install_32bit" != "" ]; then
#	if [ -d ${TARGET}/opt/baytrail ]; then
#		cp -rf ${TARGET}/etc/default/grub ${TARGET}/etc/default/grub-orig
#		chroot ${TARGET} /usr/bin/dpkg -P grub-efi
#		chroot ${TARGET} /usr/bin/dpkg -P grub-efi-amd64
#		chroot ${TARGET} /usr/bin/dpkg -P grub-efi-amd64-bin
#		echo "ucf	ucf/changeprompt_threeway	select	install_new" > ${TARGET}/opt/grub_selections
#		echo "ucf	ucf/changeprompt	select	install_new" >> /target/opt/grub_selections
#
#		chroot ${TARGET} /usr/bin/debconf-set-selections /opt/grub_selections
#		if [ -f ${TARGET}/opt/grub_selections ]; then
#			rm ${TARGET}/opt/grub_selections
#		fi
#		mv -f ${TARGET}/etc/default/grub-orig ${TARGET}/etc/default/grub
#		for i in `ls ${TARGET}/opt/baytrail`
#			do
#			if [ "$tablet_z37" != "" ]; then
#				chroot ${TARGET} /usr/bin/dpkg -i /opt/baytrail/$i
#			else
#				if [ `echo $i | grep "grub"` ]; then
#					chroot ${TARGET} /usr/bin/dpkg -i /opt/baytrail/$i
#				fi
#			fi
#			done
#	fi
#	in-target sh -c "debconf-apt-progress --no-progress --logstderr -- \
#		apt-get -f -y install"
#
#		hardware_name=`cat /var/log/syslog | grep "DMI" | grep "ASUS"`
#		if [ "${hardware_name}" != "" ]; then
#			if  [ -f ${TARGET}/etc/default/grub ]; then
#				if [ -z "`cat ${TARGET}/etc/default/grub | grep "i915.force_backlight_pmic=1"`" ]; then
#					sed -i -e 's/GRUB_CMDLINE_LINUX=\"reboot=pci\,force /GRUB_CMDLINE_LINUX=\"reboot=pci\,force i915.force_backlight_pmic=1 /g' ${TARGET}/etc/default/grub
#				fi
#			fi
#			chroot ${TARGET} /usr/sbin/update-grub
#		fi
#fi
#if [ -d ${TARGET}/opt/baytrail ]; then
#		chroot ${TARGET} /usr/bin/dpkg -P baytrail-install
#fi
#### disable in 1.7

# Disable automatic network configuration
#if debconf-get tasksel/first | grep -q Fly; then
#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Disable automatic network configuration'; then
#	#chroot ${TARGET} /sbin/chkconfig --del wicd
#	chroot ${TARGET} /bin/systemctl mask network-manager.service
#	chroot ${TARGET} /bin/systemctl mask NetworkManager.service
#	chroot ${TARGET} /bin/systemctl mask NetworkManager-wait-online.service
#	chroot ${TARGET} /bin/systemctl mask connman.service
#	chroot ${TARGET} /bin/systemctl mask connman-wait-online.service
#	if [ -f ${TARGET}/etc/xdg/autostart/nm-applet.desktop ]; then
#		rm ${TARGET}/etc/xdg/autostart/nm-applet.desktop
#	fi
#fi
#else
#	if debconf-get astra-additional-setup/automatic-network-disable | grep -q 'Disable automatic network configuration'; then
#		chroot ${TARGET} /sbin/chkconfig --del wicd
#		chroot ${TARGET} /bin/systemctl mask network-manager.service
#		chroot ${TARGET} /bin/systemctl mask NetworkManager.service
#		chroot ${TARGET} /bin/systemctl mask NetworkManager-wait-online.service
#		chroot ${TARGET} /bin/systemctl mask connman.service
#		chroot ${TARGET} /bin/systemctl mask connman-wait-online.service
#		if [ -f ${TARGET}/etc/xdg/autostart/nm-applet.desktop ]; then
#			rm ${TARGET}/etc/xdg/autostart/nm-applet.desktop
#		fi
#	fi
#fi

# SZI addition setup begin
#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Enable ELF signature check'; then
#	sed -i 's/DIGSIG_LOAD_KEYS=0/DIGSIG_LOAD_KEYS=1/g' ${TARGET}/etc/digsig/digsig_initramfs.conf
#	sed -i 's/DIGSIG_ENFORCE=0/DIGSIG_ENFORCE=1/g' ${TARGET}/etc/digsig/digsig_initramfs.conf
#	sed -i 's/DIGSIG_ELF_MODE=0/DIGSIG_ELF_MODE=1/g' ${TARGET}/etc/digsig/digsig_initramfs.conf
#	chroot ${TARGET} /usr/sbin/astra-digsig-control enable
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Disable non-execution bit setup'; then
#	echo "1" > ${TARGET}/etc/parsec/nochmodx
#	chroot ${TARGET} /usr/sbin/astra-nochmodx-lock enable
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Use kernel with PaX'; then
#	cat ${TARGET}/boot/grub/grub.cfg | grep "menuentry '" | grep "pax" | grep -v "recovery mode" | cut -d"'" -f4 > /string_id
#	sed -i 's/GRUB_DEFAULT=.*//g' ${TARGET}/etc/default/grub
#	for i in `cat /string_id`; do
#		echo "GRUB_DEFAULT=${i}" >> ${TARGET}/etc/default/grub
#		break
#	done
#	rm -f /string_id
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Use Hardened kernel'; then
#	cat ${TARGET}/boot/grub/grub.cfg | grep "menuentry '" | grep "hardened" | grep -v "recovery mode" | cut -d"'" -f4 > /string_id
#	sed -i 's/GRUB_DEFAULT=.*//g' ${TARGET}/etc/default/grub
#	for i in `cat /string_id`; do
#		echo "GRUB_DEFAULT=${i}" >> ${TARGET}/etc/default/grub
#		break
#	done
#	rm -f /string_id
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Disable bootloader menu show up'; then
#	echo "GRUB_HIDDEN_TIMEOUT=0" >> ${TARGET}/etc/default/grub
#	sed -i 's/GRUB_TIMEOUT=.*/GRUB_TIMEOUT=0/g' ${TARGET}/etc/default/grub
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Clearing freed external memory'; then
#	sed -i 's/ENABLED=N/ENABLED=Y/g' ${TARGET}/etc/parsec/swap_wiper.conf
#	chroot ${TARGET} /usr/sbin/astra-swapwiper-control enable
#	chroot ${TARGET} /usr/sbin/astra-secdel-control enable
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Enable console lock'; then
#	chroot ${TARGET} /usr/sbin/astra-console-lock enable
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Enable scripts lock'; then
#	chroot ${TARGET} /usr/sbin/astra-interpreters-lock enable
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Enable macros lock'; then
#	chroot ${TARGET} /usr/sbin/astra-macros-lock enable
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Disable simultaneous graphics sessions'; then
#	chroot ${TARGET} /usr/sbin/astra-sumac-lock enable
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Enable ufw firewall'; then
##	chroot ${TARGET} /usr/sbin/astra-ufw-control enable
#	sed -i "s/.*ENABLED.*/ENABLED=yes/g" ${TARGET}/etc/ufw/ufw.conf
#	chroot ${TARGET} /usr/sbin/ufw enable
#else
#	chroot ${TARGET} /usr/sbin/ufw disable
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Enable system limits'; then
#	chroot ${TARGET} /usr/sbin/astra-ulimits-control enable
#else
#	chroot ${TARGET} /usr/sbin/astra-ulimits-control disable
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Request password for sudo command'; then
#	echo "%astra-admin	ALL=(ALL:ALL) ALL" >> ${TARGET}/etc/sudoers
#else
#	echo "%astra-admin	ALL=(ALL:ALL) NOPASSWD: ALL" >> ${TARGET}/etc/sudoers
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Disable ptrace capability'; then
#	chroot ${TARGET} /usr/sbin/astra-ptrace-lock enable
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Enable Mandatory Integrity Control'; then
#	sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT=\"/GRUB_CMDLINE_LINUX_DEFAULT=\"parsec.max_ilev=63 /g'  ${TARGET}/etc/default/grub
#	chroot ${TARGET} /usr/lib/parsec/setup/set-fs-ilev-di
#	chroot ${TARGET} /usr/sbin/astra-mic-control enable
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Enable Mandatory Access Control'; then
#	chroot ${TARGET} /usr/sbin/astra-mac-control enable
#else
#	chroot ${TARGET} /usr/sbin/astra-mac-control disable
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Enable freeing regions cleanup on EXT-partitions'; then
###########
#cat > ${TARGET}/enable_secdel << EOF
#IFS=$'
#'
#> /etc/fstab_new
#	for i in \`cat /etc/fstab\`; do
#	    ext_string=\`echo \${i} | grep ext | awk '{print \$3}' | grep ext\`
#	    if [ "\${ext_string}" != "" ]; then
#		echo \${i} | awk '{print \$1"\t"\$2"\t"\$3"\t"\$4",secdel\t"\$5"\t"\$6}' >> /etc/fstab_new
#	    else
#		echo "\${i}" >> /etc/fstab_new
#	    fi
#	    ext_string=""
#	done
#	mv -f /etc/fstab_new /etc/fstab
#	chmod 644 /etc/fstab
#EOF
#chmod 777 ${TARGET}/enable_secdel
#chroot ${TARGET} /enable_secdel
#rm -f  ${TARGET}/enable_secdel
###########
#	chroot ${TARGET} /usr/sbin/astra-secdel-control enable
#fi
# говорим, что время в биосе не UTC, а местное, чтобы не двигалось на 4 часа вперед
#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Local time for system clock'; then
#    if [ -f ${TARGET}/etc/adjtime ]; then
#	sed -i 's/UTC/LOCAL/g' ${TARGET}/etc/adjtime
#	chroot ${TARGET} /sbin/hwclock -w
#	sed -i 's/UTC/LOCAL/g' ${TARGET}/etc/adjtime
#	chroot ${TARGET} /sbin/hwclock --hctosys --debug
#	chroot ${TARGET} /sbin/hwclock --localtime --systohc --debug
#    else
#cat > ${TARGET}/etc/adjtime << "EOF"
#0.0 0 0.0
#0
#LOCAL
#EOF
#	chroot ${TARGET} /sbin/hwclock --localtime --hctosys --debug
#	chroot ${TARGET} /sbin/hwclock --localtime --systohc --debug
#    fi
#fi

#if debconf-get astra-additional-setup/additional-settings${os_mode} | grep -q 'Enable autologin to X session'; then
#	sed -i 's/.*AutoLoginEnable=.*/AutoLoginEnable=true/g'  ${TARGET}/etc/X11/fly-dm/fly-dmrc
#	sed -i "s/.*AutoLoginUser=.*/AutoLoginUser=${ADMIN}/g"  ${TARGET}/etc/X11/fly-dm/fly-dmrc
#fi

#if debconf-get tasksel/first | grep -q -e "SSH server" -e "Средства удаленного подключения SSH"; then
#	chroot ${TARGET} /bin/systemctl enable ssh.service
#fi

IFS=$' '

#if debconf-get tasksel/first | grep -q -e "Virtualization tool" -e "Средства Виртуализации"; then
#	ngroups="kvm libvirt libvirt-qemu vboxusers"
#	for grp in $ngroups
#	    do
#		chroot ${TARGET} /usr/sbin/addgroup ${ADMIN} $grp
#	    done
#	egroups=`cat ${TARGET}/etc/adduser.conf | grep "^EXTRA_GROUPS=" | cut -d "\"" -f2`
#	for ngrp in $ngroups
#	    do
#		add="1"
#		for egrp in $egroups
#		    do
#			if [ "$ngrp" = "$egrp" ]; then
#				add="0"
#				break;
#			fi
#		    done
#		if [ $add -eq 1 ]; then
#			sed -i -e "s/\\(^EXTRA_GROUPS=\".*\\).*\\(\"\\)/\\1 $ngrp\\2/g" ${TARGET}/etc/adduser.conf
#		fi
#	    done
#fi

# SZI addition setup end

# Setting rights restrictions on several files
#IFS=' '
#for i in ${restrict_file_list}; do
#	chroot ${TARGET} /usr/bin/dpkg-statoverride --update --add root root 0640 ${i}
#done

chroot ${TARGET} /usr/bin/dpkg-statoverride --force --update --add root crontab 755 /usr/bin/crontab

# update initramfs
#mount -o bind /proc ${TARGET}/proc
#chroot ${TARGET} /usr/sbin/update-grub
#chroot ${TARGET} /usr/sbin/update-initramfs -u -k all
#chroot ${TARGET} /usr/sbin/parsec_pam del
#umount ${TARGET}/proc
#disable szi:
#rm -rf ${TARGET}/lib/modules/*/misc; chroot ${TARGET} /sbin/depmod -a; chroot ${TARGET} /usr/sbin/parsec_pam del; chroot ${TARGET} /usr/sbin/update-initramfs -u -k all

sed -i 's/#HandlePowerKey=poweroff/HandlePowerKey=ignore/g'  ${TARGET}/etc/systemd/logind.conf
#echo "NotShowIn=fly-mobile" >>  ${TARGET}/etc/xdg/autostart/qasmixer.desktop
#echo "" >>  ${TARGET}/etc/xdg/autostart/fly-update-notifier.desktop
#echo -e "\nNotShowIn=fly-mobile" >>  ${TARGET}/etc/xdg/autostart/fly-update-notifier.desktop

#if [ -f ${TARGET}/lib/systemd/system/NetworkManager.service ]; then
#    sed -i '/ExecStart=.*/i ExecStartPre=\/bin\/rm -f \/etc\/resolv\.conf' ${TARGET}/lib/systemd/system/NetworkManager.service
#fi

#sed -e "s/^\* hard fsize 50000000.*/#\* hard fsize 50000000/" -i ${TARGET}/etc/security/limits.conf
#sed -e "s/^\* soft fsize 25000000.*/#\* soft fsize 25000000/" -i ${TARGET}/etc/security/limits.conf
#sed -e "s/^\* hard nofile 4096.*/#\* hard nofile 4096/" -i ${TARGET}/etc/security/limits.conf
#sed -e "s/^\* soft nofile 2048.*/#\* soft nofile 2048/" -i ${TARGET}/etc/security/limits.conf
#sed -e "s/^\* hard nproc 2000.*/#\* hard nproc 2000/" -i ${TARGET}/etc/security/limits.conf
#sed -e "s/^\* soft nproc 1000.*/#\* soft nproc 1000/" -i ${TARGET}/etc/security/limits.conf

if [ -d ${TARGET}/etc/gtk-2.0 ]; then
    echo "gtk-font-name=\"Verdana 10\" " >> ${TARGET}/etc/gtk-2.0/gtkrc
fi

# umount here mounted above
# fix lsb_release
cp ${TARGET}/etc/os-release ${TARGET}/usr/lib

# Reconfigure cups-filters (BT-16121)
if [ -f ${TARGET}/etc/modules-load.d/cups-filters.conf ]; then
    echo "LOAD_LP_MODULE=no" >> ${TARGET}/etc/default/cups
    chroot ${TARGET} dpkg-reconfigure -f noninteractive cups-filters
fi

# Disable suspend allow hibernation (BT-21205, BT-34870)
if [ -f ${TARGET}/etc/systemd/sleep.conf ]; then
  echo "AllowSuspend=no" >> ${TARGET}/etc/systemd/sleep.conf
fi

# Set dpi (BT-22185)
if [ -d ${TARGET}/etc/X11/fly-dm ]; then
  echo "96" > ${TARGET}/etc/X11/fly-dm/dpi
fi

#umount ${TARGET}/proc
#umount ${TARGET}/sys
#umount ${TARGET}/dev/pts

# Last commant thru preseed
#preseed_command preseed/late_command
