#!/bin/bash
#
# imunify360 daily cron jobs.
#
# Usage:
#   ./imunify360.cron [<logfile>]
#
# if logfile is not specified, the output will be discarded
log=${1:-/dev/null}
sh_update_call=${2:-no} # Skips check-domains call and returns return code
lock_wait_secs=${lock_wait_secs:-10800} # Max package manager waiting timeout, 3h
lock_sleep_secs=${lock_sleep_secs:-5} # Poll interval

wait_for_pkg_manager_idle() {
  local end=$((SECONDS + lock_wait_secs))
  local locks=(
    /var/lib/dpkg/lock-frontend
    /var/lib/dpkg/lock
    /var/lib/apt/lists/lock
    /var/cache/apt/archives/lock
  )

  while :; do
    local busy=0

    if command -v fuser >/dev/null 2>&1; then
      for l in "${locks[@]}"; do
        [ -e "$l" ] || continue
        local pids
        pids="$(fuser "$l" 2>/dev/null | tr -cd '0-9 ' | xargs || true)"
        if [ -n "$pids" ]; then
          busy=1
          echo "Waiting: lock $l is held by PIDs: $pids"
          for pid in $pids; do
            echo "  PID $pid: $(ps -p "$pid" -o comm=,args= 2>/dev/null | sed 's/^[[:space:]]*//')"
          done
        fi
      done
    else
      local pids
      pids="$(pgrep -x dpkg || true) $(pgrep -x apt || true) $(pgrep -x apt-get || true) \
            $(pgrep -x unattended-upgrades || true) $(pgrep -x apt.systemd.daily || true)"
      pids="$(echo "$pids" | tr -s ' ' | xargs || true)"
      if [ -n "$pids" ]; then
        busy=1
        echo "Waiting: package-manager processes running (PIDs: $pids)"
        for pid in $pids; do
          echo "  PID $pid: $(ps -p "$pid" -o comm=,args= 2>/dev/null | sed 's/^[[:space:]]*//')"
        done
      fi
    fi

    [ "$busy" -eq 0 ] && return 0

    if [ "$SECONDS" -ge "$end" ]; then
      echo "Timeout after ${lock_wait_secs}s waiting for dpkg/apt; exiting."
      return 1
    fi

    sleep "$lock_sleep_secs"
  done
}

main()
{    
    /usr/libexec/report-command-error /opt/imunify360/venv/bin/python3 /opt/imunify360/venv/share/imunify360/scripts/delay_on_cron_call.py

    echo "Starting daily imunify360 cron jobs at $(date)"
    if [ "$sh_update_call" = "no" ]; then
      /usr/bin/imunify360-agent check-domains
      echo "imunify360-agent check-domains RC: $?"
    fi

    PACKAGES="imunify360-firewall \
              cloudlinux-backup-utils \
              imunify360-ossec \
              imunify360-pam \
              imunify360-php-i360 \
              imunify360-webshield-bundle \
              imunify360-unified-access-logger \
              imunify-antivirus \
              ai-bolit \
              alt-common-release \
              alt-php-hyperscan \
              imunify-release \
              imunify-common \
              imunify-notifier \
              imunify-core \
              imunify-realtime-av \
              imunify-ui \
              imunify360-venv \
              imunify-patchman \
              alt-php-internal \
              app-version-detector"

    wait_for_pkg_manager_idle || exit 1

    /usr/libexec/report-command-error \
        apt-get update -y

    UPDATE_RC=$?
    echo "apt-get update RC after: $UPDATE_RC"

    export DEBCONF_NONINTERACTIVE_SEEN=true
    export DEBIAN_FRONTEND=noninteractive

    /usr/libexec/report-command-error \
        apt-mark unhold $PACKAGES

    /usr/libexec/report-command-error \
        apt-get install --only-upgrade \
        -o "DPkg::Lock::Timeout=600" \
        -o "Dpkg::Options::=--force-confdef" \
        -o "Dpkg::Options::=--force-confold" \
        -y \
        $PACKAGES

    UPDATE_RC=$(( $UPDATE_RC + $? ))
    echo "apt-get install --only-upgrade RC after: $UPDATE_RC"

    /usr/libexec/report-command-error \
        apt-mark hold $PACKAGES

    echo "Finished daily imunify360 cron jobs at $(date)"

    if [ "$sh_update_call" = "yes" ]; then
        exit $UPDATE_RC
    fi

}
main >> "$log" 2>&1