#!/bin/bash

set -e

dracut_cfg_d=/etc/dracut.conf.d
dracut_cfg=$dracut_cfg_d/40-fips.conf

is_ostree_system=0
if test -f /run/ostree-booted; then
    is_ostree_system=1
fi

if test x"$1" !=  x--complete ; then
	echo "Complete the installation of FIPS modules."
	echo "usage: $0 --complete"
	exit 2
fi

if [ $(id -u) != 0 ]; then
	echo "You must be root to run $(basename $0)"
	exit 1
fi

umask 022

# trap "rm -f $dracut_cfg" ERR

# Install required packages: patterns-base-fips and perl-Bootloader
if test ! -f $dracut_cfg && test ! -x "$(command -v pbl)" ; then
	zypper -n install patterns-base-fips perl-Bootloader
elif test ! -f $dracut_cfg ; then
	zypper -n install patterns-base-fips
elif test ! -x "$(command -v pbl)" ; then
	zypper -n install perl-Bootloader
fi

if test ! -d $dracut_cfg_d -o ! -d /boot -o "$is_ostree_system" = 1 ; then
	# No dracut configuration or boot directory present, do not try to modify it.
	# Also, on OSTree systems, we currently rely on the initrd already including
	# the FIPS module.
	exit 0
fi

# cat >$dracut_cfg <<EOF
# # turn on fips module
#
# add_dracutmodules+=" fips "
# EOF
#
# echo "Kernel initramdisks are being regenerated. This might take some time."
#
# dracut -f --regenerate-all
#
# # This is supposed to be a fast and safe operation that's always good to run.
# # Regenerating an initrd and skipping it might render the system unbootable
# # (RHBZ#2013195).
# if test x"$(uname -m)" = xs390x; then
# 	if command -v zipl >/dev/null; then
# 		zipl
# 	else
# 		echo '`zipl` execution has been skipped: `zipl` not found.'
# 	fi
# fi
