#!/bin/sh
# Wrapper around mandb: make sure the cache directory exists, decide whether
# mandb's seccomp sandbox is used, then replace this shell with mandb.
set -eu

# /var/cache may be a tmpfs (or similar), so the directory can be missing.
[ -d /var/cache/man ] || mkdir -p -m 0755 /var/cache/man

# Why seccomp is disabled by default here
# ---------------------------------------
# mandb becomes significantly slower when libseccomp is enabled and an
# external program (xz in ROSA) is executed for decompression. It can be sped
# up by decompressing without an external program, i.e. with liblzma instead
# of xz(1). It is currently not fully clear to me (mikhailnov) why performance
# degrades.
# See:
# 1) https://gitlab.com/cjwatson/man-db/-/issues/4
# 2) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003089
#
# Security trade-off, per the discussion in (2): man pages shipped inside
# packages can be trusted, but man pages from other sources, e.g. snaps, can
# try to execute code while mandb parses them, and with seccomp disabled no
# sandbox contains that.
#
# It would be nice to disable seccomp only for runs started from RPM triggers
# and keep it enabled for the daily systemd timer runs, which would index man
# pages from snaps. I currently have no good idea how to implement that: a run
# from an RPM trigger can also process man pages from snaps, so it would have
# to omit them somehow.
#
# mandb is still built with libseccomp, so users can enable seccomp by setting
# "Environment=MAN_DISABLE_SECCOMP=0" via `systemctl edit man-db`.
# NOTE(review): hosts that index man pages from sources they do not trust
# should consider applying that override.
#
# mandb checks the existence of the variable, not its value, so "0" has to be
# turned into an unset variable here. Any other value, an empty value, or no
# value at all ends up as MAN_DISABLE_SECCOMP=1 (seccomp disabled).
case "${MAN_DISABLE_SECCOMP:-1}" in
	0) unset MAN_DISABLE_SECCOMP ;;
	*) export MAN_DISABLE_SECCOMP=1 ;;
esac

exec /usr/bin/mandb
