#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/sa-update_wrapper               Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

use strict;
use warnings;
use Cpanel::Binaries            ();
use Cpanel::SafeRun::Object     ();
use Cpanel::SpamAssassin::Rules ();

alarm(3600);

if ($>) {
    die "$0: must run as root";
}

my $saupdate_bin = Cpanel::Binaries::path('sa-update');

if ( $ENV{CPANEL_BASE_INSTALL} ) {
    print STDERR "“$0” refuses to run during a cPanel installation.\n";
    exit(0);
}

if ( !$saupdate_bin ) {
    die "$0: Found no sa-update path!\n";
}

if ( !-e $saupdate_bin ) {
    die "$0: “$saupdate_bin” is missing!\n";
}

if ( !-x _ ) {
    die "$0: “$saupdate_bin” is not executable!\n";
}

sub run_saupdate {
    my $gpg_option = shift;
    if ( !$gpg_option ) {
        my $gpg_bin = Cpanel::Binaries::path('gpg');
        $gpg_option = !-x $gpg_bin ? '--nogpg' : '--gpg';
    }
    print "[*] Cleaning up from previous updates.....\n";
    clean_up_updates();
    print "[*] Running sa-update ($saupdate_bin).....\n";
    print "[*] Please note that 'IO::Socket::IP' and 'Net::Patricia' are not needed by our implementation of SpamAssassin.\n[*] The warnings related to them can be safely ignored.\n\n";

    my $run = Cpanel::SafeRun::Object->new(
        'program'      => $saupdate_bin,
        'args'         => [ $gpg_option, grep( /-Q/i, @ARGV ) ? () : ('-D') ],
        'stdout'       => \*STDOUT,
        'stderr'       => \*STDOUT,
        'timeout'      => 3600,
        'read_timeout' => 3600,
    );
    if ( $run->CHILD_ERROR() ) {
        if ( $run->signal_code() || _sa_update_exit_code_is_a_real_failure( $run->error_code() ) ) {
            $run->die_if_error();
        }
    }

    print "Done\n";
    return;
}

sub _sa_update_exit_code_is_a_real_failure {
    my ($error_code) = @_;

    # sa-update uses nonzero error codes to indicate
    # certain success states:
    # https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes
    #
    # exit code of 0 = updates installed
    return 0 if !$error_code;

    # exit code of 1 = no updates needed
    return 0 if $error_code == 1;

    # exit code of 2 = lint of files failed, perl die or general failure
    return 1 if $error_code == 2;

    # exit code of 3 = at least one channel download filed, but the updater found a backup server to update from successfully
    return 0 if $error_code == 3;

    # exit code of 4+ = error downloading or extracting and all channels failed
    return 1;
}

sub clean_up_updates {
    my $version = eval { require Mail::SpamAssassin; $Mail::SpamAssassin::VERSION };
    return unless defined $version;
    my $dir = "/var/lib/spamassassin/$version/updates_spamassassin_org";
    return unless opendir( my $dh, $dir );
    while ( defined( my $file = readdir $dh ) ) {
        unlink "$dir/$file" if $file =~ /^\d+\.tar\.gz(?:\.(?:asc|sha1))?$/;
    }
    closedir($dh);
    return;
}

run_saupdate();

print "Checking update....";
if ( !Cpanel::SpamAssassin::Rules::has_rules_installed() ) {
    print "update failed...retrying without gpg...\n";
    run_saupdate('--nogpg');
}
else {
    print "update ok!\n";
}