#!/bin/bash
#
# Main work after rebooting with evm=fix, ima=fix params
#
#
SELCONF="/etc/selinux/config"
FIXFILES="fixfiles"
SETENFORCE="setenforce"
export TMPDIR=/root/tmp
echo "we rebooted and will reboot  more" >/dev/tty1
if [ -f "$SELCONF" ] ;
  then
     $SETENFORCE 0
     # this stuff is higher than selinux.
fi
# remove integrity from initrd
sed -i -e "/integrity/d" /etc/initrd.mk
#
make-initrd
if [ ! -e /etc/noupdate ] ;
then
# remove all stuff that can be applied before
run-parts /etc/updater.d/ remove ||:
  apt-get -f update 2>&1 >/dev/tty1
  apt-get -fy dist-upgrade 2>&1 >/dev/tty1
  echo "we updated system, update now kernel" >/dev/tty1
  update-kernel -fy 2>&1 >/dev/tty1
     $FIXFILES restore
  fi
# apply all stuff like lists here
run-parts /etc/updater.d apply ||:

echo "fixing osec data" >/dev/tty1
integalert fix
echo "temporarily disable osec checks" >/dev/tty1
systemctl disable integalert.service
update-grub ||:
echo "rebooting" >/dev/tty1
if [ -f "$SELCONF" ] ;
then
  $SETENFORCE 1
fi
systemctl disable updater-main
systemctl enable updater-signing
systemctl disable updater-after
reboot -fp
