diff --git a/src/factory-reset/factory-reset-tool.c b/src/factory-reset/factory-reset-tool.c index 9c83daafe48a8..e5eaed2efaa76 100644 --- a/src/factory-reset/factory-reset-tool.c +++ b/src/factory-reset/factory-reset-tool.c @@ -209,12 +209,9 @@ static int verb_cancel(int argc, char *argv[], void *userdata) { return 0; } - if (!is_efi_boot()) { - if (!arg_quiet) - log_info("Not an EFI boot, cannot remove FactoryResetMode EFI variable, not cancelling."); - - return 0; - } + if (!is_efi_boot()) + return log_error_errno(SYNTHETIC_ERRNO(ENOTRECOVERABLE), + "Not an EFI boot, cannot remove FactoryResetMode EFI variable, not cancelling."); r = efi_set_variable(EFI_SYSTEMD_VARIABLE_STR("FactoryResetRequest"), /* value= */ NULL, /* size= */ 0); if (r < 0) diff --git a/src/hibernate-resume/hibernate-resume-config.c b/src/hibernate-resume/hibernate-resume-config.c index d93919956b48d..a11c68ae4a93a 100644 --- a/src/hibernate-resume/hibernate-resume-config.c +++ b/src/hibernate-resume/hibernate-resume-config.c @@ -143,11 +143,11 @@ static bool validate_efi_hibernate_location(EFIHibernateLocation *e) { int get_efi_hibernate_location(EFIHibernateLocation **ret) { #if ENABLE_EFI static const sd_json_dispatch_field dispatch_table[] = { - { "uuid", SD_JSON_VARIANT_STRING, sd_json_dispatch_id128, offsetof(EFIHibernateLocation, uuid), SD_JSON_MANDATORY }, - { "offset", _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_uint64, offsetof(EFIHibernateLocation, offset), SD_JSON_MANDATORY }, - { "kernelVersion", SD_JSON_VARIANT_STRING, sd_json_dispatch_string, offsetof(EFIHibernateLocation, kernel_version), SD_JSON_PERMISSIVE|SD_JSON_DEBUG }, - { "osReleaseId", SD_JSON_VARIANT_STRING, sd_json_dispatch_string, offsetof(EFIHibernateLocation, id), SD_JSON_PERMISSIVE|SD_JSON_DEBUG }, - { "osReleaseImageId", SD_JSON_VARIANT_STRING, sd_json_dispatch_string, offsetof(EFIHibernateLocation, image_id), SD_JSON_PERMISSIVE|SD_JSON_DEBUG }, + { "uuid", SD_JSON_VARIANT_STRING, sd_json_dispatch_id128, offsetof(EFIHibernateLocation, uuid), SD_JSON_MANDATORY }, + { "offset", _SD_JSON_VARIANT_TYPE_INVALID, sd_json_dispatch_uint64, offsetof(EFIHibernateLocation, offset), SD_JSON_MANDATORY }, + { "kernelVersion", SD_JSON_VARIANT_STRING, sd_json_dispatch_string, offsetof(EFIHibernateLocation, kernel_version), SD_JSON_PERMISSIVE }, + { "osReleaseId", SD_JSON_VARIANT_STRING, sd_json_dispatch_string, offsetof(EFIHibernateLocation, id), SD_JSON_PERMISSIVE }, + { "osReleaseImageId", SD_JSON_VARIANT_STRING, sd_json_dispatch_string, offsetof(EFIHibernateLocation, image_id), SD_JSON_PERMISSIVE }, { "osReleaseVersionId", SD_JSON_VARIANT_STRING, sd_json_dispatch_string, offsetof(EFIHibernateLocation, version_id), SD_JSON_PERMISSIVE|SD_JSON_DEBUG }, { "osReleaseImageVersion", SD_JSON_VARIANT_STRING, sd_json_dispatch_string, offsetof(EFIHibernateLocation, image_version), SD_JSON_PERMISSIVE|SD_JSON_DEBUG }, {}, diff --git a/src/tpm2-setup/tpm2-clear.c b/src/tpm2-setup/tpm2-clear.c index cf4d442b72b91..04b9fe32a3c2a 100644 --- a/src/tpm2-setup/tpm2-clear.c +++ b/src/tpm2-setup/tpm2-clear.c @@ -88,22 +88,23 @@ static int request_tpm2_clear(void) { r = secure_getenv_bool("SYSTEMD_TPM2_ALLOW_CLEAR"); if (r < 0 && r != -ENXIO) - log_warning_errno(r, "Failed to parse $SYSTEMD_TPM2_ALLOW_CLEAR, ignoring: %m"); + return log_error_errno(r, "Failed to parse $SYSTEMD_TPM2_ALLOW_CLEAR: %m"); if (r >= 0) clear = r; if (clear < 0) { bool b; - r = proc_cmdline_get_bool("systemd.tpm2_allow_clear", /* flags= */ 0, &b); + r = proc_cmdline_get_bool("systemd.tpm2_allow_clear", PROC_CMDLINE_TRUE_WHEN_MISSING, &b); if (r < 0) - return log_debug_errno(r, "Failed to parse systemd.tpm2_allow_clear kernel command line argument: %m"); - if (r > 0) - clear = b; + return log_error_errno(r, "Failed to parse systemd.tpm2_allow_clear kernel command line argument: %m"); + clear = b; } - if (clear == 0) { + assert(clear >= 0); + + if (!clear) { log_info("Clearing TPM2 disabled, exiting early."); - return EXIT_SUCCESS; + return 0; } /* Now issue PPI request */ @@ -131,10 +132,10 @@ static int run(int argc, char *argv[]) { * to rebuild it. */ if (arg_graceful && !tpm2_is_fully_supported()) { log_notice("No complete TPM2 support detected, exiting gracefully."); - return EXIT_SUCCESS; + return 0; } return request_tpm2_clear(); } -DEFINE_MAIN_FUNCTION_WITH_POSITIVE_FAILURE(run); +DEFINE_MAIN_FUNCTION(run); diff --git a/units/factory-reset-now.target b/units/factory-reset-now.target index 6415cc1232e19..008d565b17c9d 100644 --- a/units/factory-reset-now.target +++ b/units/factory-reset-now.target @@ -11,3 +11,4 @@ Description=Factory Reset Execution Documentation=man:systemd.special(7) Wants=systemd-factory-reset-complete.service +RefuseManualStart=yes diff --git a/units/meson.build b/units/meson.build index ae13f85adebc2..84c3757b10aea 100644 --- a/units/meson.build +++ b/units/meson.build @@ -323,9 +323,7 @@ units = [ }, { 'file' : 'systemd-creds@.service' }, { 'file' : 'systemd-exit.service' }, - { - 'file' : 'systemd-factory-reset@.service.in', - }, + { 'file' : 'systemd-factory-reset@.service.in' }, { 'file' : 'systemd-factory-reset.socket', 'symlinks' : ['sockets.target.wants/'], diff --git a/units/systemd-factory-reset-complete.service.in b/units/systemd-factory-reset-complete.service.in index 337b99d3d4286..aa0913dbe699a 100644 --- a/units/systemd-factory-reset-complete.service.in +++ b/units/systemd-factory-reset-complete.service.in @@ -15,6 +15,8 @@ Requires=factory-reset-now.target After=factory-reset-now.target Conflicts=shutdown.target Before=shutdown.target +RefuseManualStart=yes +RefuseManualStop=yes [Service] Type=oneshot