#!/bin/sh

set -eu

# Boot trust manager service should not be terminated while it is running.
# Because Dracut has boot timeout and the service may also
# require user interaction (e.g. PIN), we can create a lock
# file that causes Dracut to ignore the timeout while it exists.
# Remove the lock file after the service has finished.

lock_path='/run/systemd/ask-password/ask.lock'

status=0
touch "$lock_path"
/usr/sbin/puavo-boot-trust-manager manage || status=$?
rm -f "$lock_path"
exit $status
