#!/bin/bash -ef
#
# Main work after rebooting with evm=fix, ima=fix params
#
#
SELCONF="/etc/selinux/config"
SETENFORCE="setenforce"
FIXFILES="fixfiles"
UPDATE_GRUB="update-grub"

echo "we rebooted and will reboot  more" >/dev/tty1
if [ -f "$SELCONF" ] ;
then
echo "update done, fixing contexts" >/dev/tty1
   $SETENFORCE 0
   $FIXFILES restore
fi
echo "update done, signing" >/dev/tty1
export TMPDIR=/var/tmp
integrity-sign -v 2>&1 | tee /root/integrity-sign-log >/dev/tty1
echo "FEATURES += integrity" >>/etc/initrd.mk
make-initrd
echo "fixing osec data"  >/dev/tty1
integalert fix
echo "temporarily disable osec checks" >/dev/tty1
systemctl disable integalert.service
updater-utils enforce enforce sha1
$UPDATE_GRUB 2>/dev/null ||:
wall "rebooting"
if [ -f "$SELCONF" ] ;
then
  $SETENFORCE 1
fi
systemctl disable updater-main
systemctl disable updater-signing
systemctl enable updater-after
reboot -fp
