+cd /var/lib/misc || cd /var/state/glibc/ || cd /var/db/
+lockfile -r 1 -l 3600 lock
+trap cleanup exit
+
+case $HOST in
+$LOCALSYNCON)
+ udhost=
+ ;;
+*)
+ udhost="sshdist@$SYNCHOST:"
+ ;;
+esac
+
+tempfile=$(mktemp)
+tempfile2=$(mktemp)
+
+if [ -e /var/lib/misc/thishost/dns-sshfp ]; then
+ cp /var/lib/misc/thishost/dns-sshfp $tempfile
+fi
+
+if [ -e /var/lib/misc/thishost/dns-zone ]; then
+ cp /var/lib/misc/thishost/dns-zone $tempfile2
+fi
+
+rsync ${verbose} --delete-after --times -e 'ssh -i /etc/ssh/ssh_host_rsa_key -o ControlPath=/var/run/.ud-replicate.ssh.socket -o ControlMaster=auto -o ControlPersist=2h -o BatchMode=yes' -rp "${udhost}/var/cache/userdir-ldap/hosts/$HOST" .
+
+makedb "$HOST/passwd.tdb" -o passwd.db.t
+if [ -s "$HOST/shadow.tdb" ]
+then
+ (umask 027 && makedb "$HOST/shadow.tdb" -o shadow.db.t)
+ chown root.shadow shadow.db.t
+ chmod 0640 shadow.db.t
+ mv -f shadow.db.t shadow.db
+fi
+makedb "$HOST/group.tdb" -o group.db.t
+mv -f passwd.db.t passwd.db
+mv -f group.db.t group.db
+if [ -e "$HOST/ssh-rsa-shadow" ]; then
+ ln -sf $HOST/ssh-rsa-shadow .
+ ln -sf `pwd -P`/ssh-rsa-shadow /etc/ssh
+else
+ rm -f ssh-rsa-shadow /etc/ssh/ssh-rsa-shadow
+fi
+ln -sf $HOST/ssh_known_hosts .
+ln -sf `pwd -P`/ssh_known_hosts /etc/ssh
+
+if [ -e ${HOST}/ssh-keys.tar.gz ]; then
+ export TMPDIR='/tmp/'
+ tempdir=$(mktemp -d)
+ tar -C "$tempdir" -xf ${HOST}/ssh-keys.tar.gz
+ mkdir -p userkeys
+ chmod 755 $tempdir
+ rsync -a --delete-after $tempdir/ userkeys/
+fi
+
+if [ -e ${HOST}/web-passwords ]; then
+ chown root:www-data ${HOST}/web-passwords
+ chmod 0640 ${HOST}/web-passwords
+fi
+
+CHROOTS=""
+if [ -x /usr/bin/dchroot ]; then
+ CHROOTS=`dchroot --listpaths`
+elif [ -x /usr/bin/dchroot-dsa ]; then
+ CHROOTS=$(dchroot-dsa -i | grep Location | awk '{print $2}')
+fi
+if [ -n "$CHROOTS" ]; then
+ for c in $CHROOTS; do
+ if [ "$c" = "/" ] || [ "$c" = "" ]; then
+ echo "$0 WTF: \$c is '' or '/' here." 2>&1
+ exit 1
+ fi
+ if [ -x "$c/usr/bin/makedb" ]
+ then
+ mkdir -p "$c/var/lib/misc/$HOST"
+
+ # remove extra stuff from earlier times and so
+ find "$c/var/lib/misc/$HOST" -mindepth 1 \
+ ! -name group.tdb -a \
+ ! -name passwd.tdb -a \
+ ! -name ssh_known_hosts \
+ -print0 | xargs --no-run-if-empty -0 rm -f
+ rsync -a ${verbose} $HOST/group.tdb $HOST/passwd.tdb $HOST/ssh_known_hosts "$c/var/lib/misc/$HOST"
+
+ # clean up from the times we supposedly did shadow stuff in chroots
+ rm -f "$c/var/lib/misc/shadow.db"
+
+ # from failed makedb runs earlier.
+ rm -f "$c/var/lib/misc/passwd.db.t" \
+ "$c/var/lib/misc/group.db.t"
+ # build passwd information
+ chroot "$c" makedb "/var/lib/misc/$HOST/passwd.tdb" -o /var/lib/misc/passwd.db.t
+ chroot "$c" makedb "/var/lib/misc/$HOST/group.tdb" -o /var/lib/misc/group.db.t
+ mv -f "$c/var/lib/misc/passwd.db.t" "$c/var/lib/misc/passwd.db"
+ mv -f "$c/var/lib/misc/group.db.t" "$c/var/lib/misc/group.db"
+
+ ln -sf "$HOST/ssh_known_hosts" "$c/var/lib/misc/"
+ if [ -d "$c/etc/ssh" ]; then
+ ln -sf ../../var/lib/misc/ssh_known_hosts "$c/etc/ssh"
+ elif [ -L "$c/etc/ssh" ] && [ "`readlink \"$c/etc/ssh\"`" = "../../var/lib/misc/ssh_known_hosts" ]; then
+ # clean up past mistakes
+ rm -f "$c/etc/ssh"
+ fi
+ fi
+ done
+fi
+
+if [ -d "/etc/exim4" -a -e "$HOST/bsmtp" ]; then
+ if perl -e 'exit !((stat "/etc/exim4/bsmtp")[9] < time()-3600)'; then
+ cp "$HOST/bsmtp" /etc/exim4/bsmtp
+ fi
+fi
+if [ -d "/etc/postfix" -a -f "$HOST/forward-alias" ]; then
+ sed -e "s/:/@$EMAILAPPEND/" $HOST/forward-alias > /etc/postfix/debian
+ /usr/sbin/postmap hash:/etc/postfix/debian < /etc/postfix/debian || true
+fi
+
+rebuild_zones=0
+if [ -e /var/lib/misc/thishost/dns-sshfp ]; then
+ if ! cmp -s /var/lib/misc/thishost/dns-sshfp "$tempfile"; then
+ rebuild_zones=1
+ fi
+fi
+
+if [ -e /var/lib/misc/thishost/dns-zone ]; then
+ if ! cmp -s /var/lib/misc/thishost/dns-zone "$tempfile2"; then
+ rebuild_zones=1
+ fi
+fi
+
+if [ "${rebuild_zones}" -gt 0 ]; then
+ sudo -u dnsadm /srv/dns.debian.org/bin/update
+fi
+
+if [ -d "/etc/freeradius" -a -e "$HOST/rtc-passwords" ]; then
+ if ! cmp -s "$HOST/rtc-passwords" /var/local/rtc-passwords.freerad; then
+ install -o freerad -g freerad -m 400 "$HOST/rtc-passwords" /var/local/rtc-passwords.freerad
+ service freeradius reload
+ fi
+fi
+if [ -d "/etc/reTurn" -a -e "$HOST/rtc-passwords" ]; then
+ if ! cmp -s "$HOST/rtc-passwords" /var/local/rtc-passwords.return; then
+ install -o return -g return -m 400 "$HOST/rtc-passwords" /var/local/rtc-passwords.return
+ service resiprocate-turn-server reload
+ fi
+fi
+if [ -d "/etc/prosody" -a -e "$HOST/rtc-passwords" ]; then
+ if ! cmp -s "$HOST/rtc-passwords" /var/local/rtc-passwords.prosody; then
+ install -o prosody -g prosody -m 400 "$HOST/rtc-passwords" /var/local/rtc-passwords.prosody
+ service prosody reload
+ fi
+fi