#!/bin/bash
#
# Finishing touches after reboot - integrity-sign -i (reset immutable flags)
# should run after reboot
#
SELCONF="/etc/selinux/config"
SETENFORCE="setenforce"
# this define is to prevent automatic dependence to this file
echo  "Finishing updates" >/dev/tty1
if [ -f "$SELCONF" ];
then
  $SETENFORCE 0
fi
integrity-sign -i
if [ -f "$SELCONF" ];
then
  $SETENFORCE 1
fi

echo " All done, switching to normal mode" >/dev/tty1
if [ -f /var/lib/updater/oldstate ];
then
 systemctl set-default `cat /var/lib/updater/oldstate`
 rm -f /var/lib/updater/oldstate
fi
systemctl enable integalert.service
systemctl disable updater-after
DATE=`date +%s`
AUDITBCK=$(mktemp /var/log/audit/audit.$DATE.XXXXX)
# this is needed because audit is not working after signing with old log
# it needs to recreate it in new environment
mv /var/log/audit/audit.log "$AUDITBCK"

if [ -e /etc/noupdate ] ;
then
  rm -f /etc/noupdate
fi
reboot -fp
