It's been a while since we introduced Differential ShellCheck and it
proved to be quite useful (and in some ways even better than the shellcheck
run by super-linter). So, to have only one linter scream at us for not
knowing how to write bash properly, let's drop the super-linter's one in
favor of Differential ShellCheck.
Follow-up for https://github.com/systemd/systemd/pull/24328#pullrequestreview-1074127504
Some of the new units using systemd-pcrphase are missing the --graceful
flag which causes them to error if the tpm libraries are not installed.
Add --graceful just like in the other pcrphase units to make systemd-pcrphase
exit gracefully if the tpm libraries are missing.
We create the udevadm -> systemd-udevd symlink during the install phase,
so it doesn't exist in the just compiled tree. This worked in CI since
the symlink is manually created there post-build.
Given that ERRNO_IS_PRIVILEGE() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the arguments passed to ERRNO_IS_PRIVILEGE() are the values
returned by read_one_line_file() which can legitimately return positive
values without errno semantics, so fix this by moving ERRNO_IS_PRIVILEGE()
invocations to the branches where the return values are known to be negative.
Minor change, to adjust mode of /tmp/passphrase and /tmp/password test files to
avoid repeated warning logs that each file "...has 0644 mode that is too
permissive, please adjust the ownership and access mode."
Given that ERRNO_IS_DISCONNECT() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
returned by manager_recv() which can legitimately return 1 without errno
semantics, so fix this by moving ERRNO_IS_DISCONNECT() invocation to the
branch where the return value is known to be negative.
Given that ERRNO_IS_DISCONNECT() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
returned by bus_socket_process_watch_bind(), bus_socket_process_opening(),
and bus_socket_process_authenticating() which can legitimately return
positive values without errno semantics, so fix this by moving the
ERRNO_IS_DISCONNECT() invocation to the branch where the return value
is known to be negative.
Given that ERRNO_IS_DISCONNECT() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the argument passed to ERRNO_IS_DISCONNECT() is the value
returned by socket_acquire_peer() which can legitimately return 1
without errno semantics, so fix this by moving ERRNO_IS_DISCONNECT()
invocation to the branch where the return value is known to be negative.
Given that ERRNO_IS_RESOURCE() also matches positive values,
make sure this macro is not called with arguments that do not have
errno semantics.
In this case the argument passed to ERRNO_IS_RESOURCE() is the value
returned by recurse_dir_at() which can legitimately return positive
values without errno semantics, so fix this by moving the ERRNO_IS_RESOURCE()
invocation to the branch where the return value is known to be negative.
Add function to calculate the hash digest for a provided pin, and also verify
that the final byte in the digest is not 0. This is required because the TPM
will always remove all trailing 0's from an auth value before using it.
Fixes: #27716
