src/bootctl/bootctl-install.c

@@ -102,7 +102,7 @@ static int load_kernel_install_layout(void) {
         int r;
 
         r = load_kernel_install_conf(arg_root,
-                                     secure_getenv("KERNEL_INSTALL_CONF_ROOT"),
+                                     getenv("KERNEL_INSTALL_CONF_ROOT"),
                                      /* ret_machine_id= */ NULL,
                                      /* ret_boot_root= */ NULL,
                                      &layout,
@@ -210,12 +210,13 @@ static int version_check(int fd_from, const char *from, int fd_to, const char *t
 
         r = get_file_version(fd_to, &b);
         if (r == -ESRCH)
-                return log_info_errno(r, "Skipping \"%s\", it's owned by another boot loader (no version info found).", to);
+                return log_notice_errno(r, "Skipping \"%s\", it's owned by another boot loader (no version info found).",
+                                        to);
         if (r < 0)
                 return r;
         if (compare_product(a, b) != 0)
-                return log_info_errno(SYNTHETIC_ERRNO(ESRCH),
+                return log_notice_errno(SYNTHETIC_ERRNO(ESRCH),
-                                      "Skipping \"%s\", it's owned by another boot loader.", to);
+                                        "Skipping \"%s\", it's owned by another boot loader.", to);
 
         r = compare_version(a, b);
         log_debug("Comparing versions: \"%s\" %s \"%s\"", a, comparison_operator(r), b);
@@ -334,11 +335,7 @@ static int create_subdirs(const char *root, const char * const *subdirs) {
         return 0;
 }
 
-static int update_efi_boot_binaries(
+static int update_efi_boot_binaries(const char *esp_path, const char *source_path) {
-                const char *esp_path,
-                const char *source_path,
-                const char *ignore_filename) {
-
         _cleanup_closedir_ DIR *d = NULL;
         _cleanup_free_ char *p = NULL;
         int r, ret = 0;
@@ -358,9 +355,6 @@ static int update_efi_boot_binaries(
                 if (!endswith_no_case(de->d_name, ".efi"))
                         continue;
 
-                if (strcaseeq_ptr(ignore_filename, de->d_name))
-                        continue;
-
                 fd = xopenat_full(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY|O_NOFOLLOW, XO_REGULAR, /* mode= */ 0);
                 if (fd < 0)
                         return log_error_errno(fd, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
@@ -387,7 +381,7 @@ static int update_efi_boot_binaries(
 }
 
 static int copy_one_file(const char *esp_path, const char *name, bool force) {
-        char *root = IN_SET(arg_install_source, INSTALL_SOURCE_AUTO, INSTALL_SOURCE_IMAGE) ? arg_root : NULL;
+        char *root = IN_SET(arg_install_source, ARG_INSTALL_SOURCE_AUTO, ARG_INSTALL_SOURCE_IMAGE) ? arg_root : NULL;
         _cleanup_free_ char *source_path = NULL, *dest_path = NULL, *p = NULL, *q = NULL;
         const char *e;
         char *dest_name, *s;
@@ -404,7 +398,7 @@ static int copy_one_file(const char *esp_path, const char *name, bool force) {
 
         r = chase(p, root, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS|CHASE_TRIGGER_AUTOFS, &source_path, NULL);
         /* If we had a root directory to try, we didn't find it and we are in auto mode, retry on the host */
-        if (r == -ENOENT && root && arg_install_source == INSTALL_SOURCE_AUTO)
+        if (r == -ENOENT && root && arg_install_source == ARG_INSTALL_SOURCE_AUTO)
                 r = chase(p, NULL, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS|CHASE_TRIGGER_AUTOFS, &source_path, NULL);
         if (r < 0)
                 return log_error_errno(r,
@@ -432,7 +426,7 @@ static int copy_one_file(const char *esp_path, const char *name, bool force) {
 
                 /* Create the EFI default boot loader name (specified for removable devices) */
                 v = strjoina("/EFI/BOOT/BOOT", e);
-                const char *boot_dot_efi = ascii_strupper(strrchr(v, '/') + 1);
+                ascii_strupper(strrchr(v, '/') + 1);
 
                 r = chase(v, esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS|CHASE_NONEXISTENT|CHASE_TRIGGER_AUTOFS, &default_dest_path, NULL);
                 if (r < 0)
@@ -440,24 +434,24 @@ static int copy_one_file(const char *esp_path, const char *name, bool force) {
 
                 RET_GATHER(ret, copy_file_with_version_check(source_path, default_dest_path, force));
 
-                /* If we were installed under any other name in /EFI/BOOT/, make sure we update those binaries
+                /* If we were installed under any other name in /EFI/BOOT, make sure we update those binaries
                  * as well. */
                 if (!force)
-                        RET_GATHER(ret, update_efi_boot_binaries(esp_path, source_path, boot_dot_efi));
+                        RET_GATHER(ret, update_efi_boot_binaries(esp_path, source_path));
         }
 
         return ret;
 }
 
 static int install_binaries(const char *esp_path, const char *arch, bool force) {
-        char *root = IN_SET(arg_install_source, INSTALL_SOURCE_AUTO, INSTALL_SOURCE_IMAGE) ? arg_root : NULL;
+        char *root = IN_SET(arg_install_source, ARG_INSTALL_SOURCE_AUTO, ARG_INSTALL_SOURCE_IMAGE) ? arg_root : NULL;
         _cleanup_closedir_ DIR *d = NULL;
         _cleanup_free_ char *path = NULL;
         int r;
 
         r = chase_and_opendir(BOOTLIBDIR, root, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS|CHASE_TRIGGER_AUTOFS, &path, &d);
         /* If we had a root directory to try, we didn't find it and we are in auto mode, retry on the host */
-        if (r == -ENOENT && root && arg_install_source == INSTALL_SOURCE_AUTO)
+        if (r == -ENOENT && root && arg_install_source == ARG_INSTALL_SOURCE_AUTO)
                 r = chase_and_opendir(BOOTLIBDIR, NULL, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS|CHASE_TRIGGER_AUTOFS, &path, &d);
         if (r == -ENOENT && arg_graceful() != ARG_GRACEFUL_NO) {
                 log_debug("Source directory does not exist, ignoring.");
@@ -584,7 +578,7 @@ static int install_entry_token(void) {
         if (!arg_make_entry_directory && arg_entry_token_type == BOOT_ENTRY_TOKEN_MACHINE_ID)
                 return 0;
 
-        p = path_join(arg_root, secure_getenv("KERNEL_INSTALL_CONF_ROOT") ?: "/etc/kernel/", "entry-token");
+        p = path_join(arg_root, getenv("KERNEL_INSTALL_CONF_ROOT") ?: "/etc/kernel/", "entry-token");
         if (!p)
                 return log_oom();
 
@@ -906,17 +900,10 @@ static int install_variables(
                 return graceful ? 0 : r;
         }
 
-        bool existing = r > 0;
+        if (first || r == 0) {
-
+                r = efi_add_boot_option(slot, pick_efi_boot_option_description(),
-        if (first || !existing) {
+                                        part, pstart, psize,
-                r = efi_add_boot_option(
+                                        uuid, path);
-                                slot,
-                                pick_efi_boot_option_description(),
-                                part,
-                                pstart,
-                                psize,
-                                uuid,
-                                path);
                 if (r < 0) {
                         int level = graceful ? arg_quiet ? LOG_DEBUG : LOG_INFO : LOG_ERR;
                         const char *skip = graceful ? ", skipping" : "";
@@ -926,9 +913,7 @@ static int install_variables(
                         return graceful ? 0 : r;
                 }
 
-                log_info("%s EFI boot entry \"%s\".",
+                log_info("Created EFI boot entry \"%s\".", pick_efi_boot_option_description());
-                         existing ? "Updated" : "Created",
-                         pick_efi_boot_option_description());
         }
 
         return insert_into_order(slot, first);
@@ -963,67 +948,10 @@ static int are_we_installed(const char *esp_path) {
         return r == 0;
 }
 
-static int load_secure_boot_auto_enroll(
-                X509 **ret_certificate,
-                EVP_PKEY **ret_private_key) {
-
-        int r;
-
-        assert(ret_certificate);
-        assert(ret_private_key);
-
-        if (!arg_secure_boot_auto_enroll) {
-                *ret_certificate = NULL;
-                *ret_private_key = NULL;
-                return 0;
-        }
-
-        if (arg_certificate_source_type == OPENSSL_CERTIFICATE_SOURCE_FILE) {
-                r = parse_path_argument(arg_certificate, /*suppress_root=*/ false, &arg_certificate);
-                if (r < 0)
-                        return r;
-        }
-
-        _cleanup_(X509_freep) X509 *certificate = NULL;
-        r = openssl_load_x509_certificate(
-                        arg_certificate_source_type,
-                        arg_certificate_source,
-                        arg_certificate,
-                        &certificate);
-        if (r < 0)
-                return log_error_errno(r, "Failed to load X.509 certificate from %s: %m", arg_certificate);
-
-        if (arg_private_key_source_type == OPENSSL_KEY_SOURCE_FILE) {
-                r = parse_path_argument(arg_private_key, /* suppress_root= */ false, &arg_private_key);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to parse private key path %s: %m", arg_private_key);
-        }
-
-        _cleanup_(EVP_PKEY_freep) EVP_PKEY *private_key = NULL;
-        r = openssl_load_private_key(
-                        arg_private_key_source_type,
-                        arg_private_key_source,
-                        arg_private_key,
-                        &(AskPasswordRequest) {
-                                .tty_fd = -EBADF,
-                                .id = "bootctl-private-key-pin",
-                                .keyring = arg_private_key,
-                                .credential = "bootctl.private-key-pin",
-                                .until = USEC_INFINITY,
-                                .hup_fd = -EBADF,
-                        },
-                        &private_key,
-                        /* ret_user_interface= */ NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to load private key from %s: %m", arg_private_key);
-
-        *ret_certificate = TAKE_PTR(certificate);
-        *ret_private_key = TAKE_PTR(private_key);
-
-        return 0;
-}
-
 int verb_install(int argc, char *argv[], void *userdata) {
+        _cleanup_(X509_freep) X509 *certificate = NULL;
+        _cleanup_(openssl_ask_password_ui_freep) OpenSSLAskPasswordUI *ui = NULL;
+        _cleanup_(EVP_PKEY_freep) EVP_PKEY *private_key = NULL;
         sd_id128_t uuid = SD_ID128_NULL;
         uint64_t pstart = 0, psize = 0;
         uint32_t part = 0;
@@ -1037,11 +965,44 @@ int verb_install(int argc, char *argv[], void *userdata) {
         /* Support graceful mode only for updates, unless forcibly enabled in chroot environments */
         graceful = arg_graceful() == ARG_GRACEFUL_FORCE || (!install && arg_graceful() != ARG_GRACEFUL_NO);
 
-        _cleanup_(EVP_PKEY_freep) EVP_PKEY *private_key = NULL;
+        if (arg_secure_boot_auto_enroll) {
-        _cleanup_(X509_freep) X509 *certificate = NULL;
+                if (arg_certificate_source_type == OPENSSL_CERTIFICATE_SOURCE_FILE) {
-        r = load_secure_boot_auto_enroll(&certificate, &private_key);
+                        r = parse_path_argument(arg_certificate, /*suppress_root=*/ false, &arg_certificate);
-        if (r < 0)
+                        if (r < 0)
-                return r;
+                                return r;
+                }
+
+                r = openssl_load_x509_certificate(
+                                arg_certificate_source_type,
+                                arg_certificate_source,
+                                arg_certificate,
+                                &certificate);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to load X.509 certificate from %s: %m", arg_certificate);
+
+                if (arg_private_key_source_type == OPENSSL_KEY_SOURCE_FILE) {
+                        r = parse_path_argument(arg_private_key, /* suppress_root= */ false, &arg_private_key);
+                        if (r < 0)
+                                return log_error_errno(r, "Failed to parse private key path %s: %m", arg_private_key);
+                }
+
+                r = openssl_load_private_key(
+                                arg_private_key_source_type,
+                                arg_private_key_source,
+                                arg_private_key,
+                                &(AskPasswordRequest) {
+                                        .tty_fd = -EBADF,
+                                        .id = "bootctl-private-key-pin",
+                                        .keyring = arg_private_key,
+                                        .credential = "bootctl.private-key-pin",
+                                        .until = USEC_INFINITY,
+                                        .hup_fd = -EBADF,
+                                },
+                                &private_key,
+                                &ui);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to load private key from %s: %m", arg_private_key);
+        }
 
         r = acquire_esp(/* unprivileged_mode= */ false, graceful, &part, &pstart, &psize, &uuid, NULL);
         if (graceful && r == -ENOKEY)
@@ -1200,7 +1161,7 @@ static int rmdir_one(const char *prefix, const char *suffix) {
 }
 
 static int remove_subdirs(const char *root, const char *const *subdirs) {
-        int r;
+        int r, q;
 
         /* We use recursion here to destroy the directories in reverse order. Which should be safe given how
          * short the array is. */
@@ -1209,7 +1170,9 @@ static int remove_subdirs(const char *root, const char *const *subdirs) {
                 return 0;
 
         r = remove_subdirs(root, subdirs + 1);
-        return RET_GATHER(r, rmdir_one(root, subdirs[0]));
+        q = rmdir_one(root, subdirs[0]);
+
+        return r < 0 ? r : q;
 }
 
 static int remove_entry_directory(const char *root) {
@@ -1223,14 +1186,19 @@ static int remove_entry_directory(const char *root) {
 }
 
 static int remove_binaries(const char *esp_path) {
-        int r;
+        int r, q;
 
         _cleanup_free_ char *p = path_join(esp_path, "/EFI/systemd");
         if (!p)
                 return log_oom();
 
         r = rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL);
-        return RET_GATHER(r, remove_boot_efi(esp_path));
+
+        q = remove_boot_efi(esp_path);
+        if (q < 0 && r == 0)
+                r = q;
+
+        return r;
 }
 
 static int remove_file(const char *root, const char *file) {
@@ -1290,9 +1258,11 @@ static int remove_loader_variables(void) {
                 q = efi_set_variable(var, NULL, 0);
                 if (q == -ENOENT)
                         continue;
-                if (q < 0)
+                if (q < 0) {
-                        RET_GATHER(r, log_warning_errno(q, "Failed to remove EFI variable %s: %m", var));
+                        log_warning_errno(q, "Failed to remove EFI variable %s: %m", var);
-                else
+                        if (r >= 0)
+                                r = q;
+                } else
                         log_info("Removed EFI variable %s.", var);
         }
 
@@ -1301,7 +1271,7 @@ static int remove_loader_variables(void) {
 
 int verb_remove(int argc, char *argv[], void *userdata) {
         sd_id128_t uuid = SD_ID128_NULL;
-        int r;
+        int r, q;
 
         r = acquire_esp(/* unprivileged_mode= */ false, /* graceful= */ false, NULL, NULL, NULL, &uuid, NULL);
         if (r < 0)
@@ -1316,28 +1286,59 @@ int verb_remove(int argc, char *argv[], void *userdata) {
                 return r;
 
         r = remove_binaries(arg_esp_path);
-        RET_GATHER(r, remove_file(arg_esp_path, "/loader/loader.conf"));
+
-        RET_GATHER(r, remove_file(arg_esp_path, "/loader/random-seed"));
+        q = remove_file(arg_esp_path, "/loader/loader.conf");
-        RET_GATHER(r, remove_file(arg_esp_path, "/loader/entries.srel"));
+        if (q < 0 && r >= 0)
+                r = q;
+
+        q = remove_file(arg_esp_path, "/loader/random-seed");
+        if (q < 0 && r >= 0)
+                r = q;
+
+        q = remove_file(arg_esp_path, "/loader/entries.srel");
+        if (q < 0 && r >= 0)
+                r = q;
 
         FOREACH_STRING(db, "PK.auth", "KEK.auth", "db.auth") {
                 _cleanup_free_ char *p = path_join("/loader/keys/auto", db);
                 if (!p)
                         return log_oom();
 
-                RET_GATHER(r, remove_file(arg_esp_path, p));
+                q = remove_file(arg_esp_path, p);
+                if (q < 0 && r >= 0)
+                        r = q;
         }
 
-        RET_GATHER(r, rmdir_one(arg_esp_path, "/loader/keys/auto"));
+        q = rmdir_one(arg_esp_path, "/loader/keys/auto");
-        RET_GATHER(r, remove_subdirs(arg_esp_path, esp_subdirs));
+        if (q < 0 && r >= 0)
-        RET_GATHER(r, remove_subdirs(arg_esp_path, dollar_boot_subdirs));
+                r = q;
-        RET_GATHER(r, remove_entry_directory(arg_esp_path));
+
+        q = remove_subdirs(arg_esp_path, esp_subdirs);
+        if (q < 0 && r >= 0)
+                r = q;
+
+        q = remove_subdirs(arg_esp_path, dollar_boot_subdirs);
+        if (q < 0 && r >= 0)
+                r = q;
+
+        q = remove_entry_directory(arg_esp_path);
+        if (q < 0 && r >= 0)
+                r = q;
 
         if (arg_xbootldr_path) {
                 /* Remove a subset of these also from the XBOOTLDR partition if it exists */
-                RET_GATHER(r, remove_file(arg_xbootldr_path, "/loader/entries.srel"));
+
-                RET_GATHER(r, remove_subdirs(arg_xbootldr_path, dollar_boot_subdirs));
+                q = remove_file(arg_xbootldr_path, "/loader/entries.srel");
-                RET_GATHER(r, remove_entry_directory(arg_xbootldr_path));
+                if (q < 0 && r >= 0)
+                        r = q;
+
+                q = remove_subdirs(arg_xbootldr_path, dollar_boot_subdirs);
+                if (q < 0 && r >= 0)
+                        r = q;
+
+                q = remove_entry_directory(arg_xbootldr_path);
+                if (q < 0 && r >= 0)
+                        r = q;
         }
 
         (void) sync_everything();
@@ -1351,8 +1352,15 @@ int verb_remove(int argc, char *argv[], void *userdata) {
         }
 
         char *path = strjoina("/EFI/systemd/systemd-boot", get_efi_arch(), ".efi");
-        RET_GATHER(r, remove_variables(uuid, path, /* in_order= */ true));
+        q = remove_variables(uuid, path, true);
-        return RET_GATHER(r, remove_loader_variables());
+        if (q < 0 && r >= 0)
+                r = q;
+
+        q = remove_loader_variables();
+        if (q < 0 && r >= 0)
+                r = q;
+
+        return r;
 }
 
 int verb_is_installed(int argc, char *argv[], void *userdata) {

src/bootctl/bootctl-random-seed.c

@@ -61,7 +61,7 @@ static int set_system_token(void) {
         if (!touch_variables())
                 return 0;
 
-        r = secure_getenv_bool("SYSTEMD_WRITE_SYSTEM_TOKEN");
+        r = getenv_bool("SYSTEMD_WRITE_SYSTEM_TOKEN");
         if (r < 0) {
                 if (r != -ENXIO)
                         log_warning_errno(r, "Failed to parse $SYSTEMD_WRITE_SYSTEM_TOKEN, ignoring.");

src/bootctl/bootctl-util.c

@@ -124,7 +124,7 @@ int settle_entry_token(void) {
 
         r = boot_entry_token_ensure(
                         arg_root,
-                        secure_getenv("KERNEL_INSTALL_CONF_ROOT"),
+                        getenv("KERNEL_INSTALL_CONF_ROOT"),
                         arg_machine_id,
                         /* machine_id_is_random = */ false,
                         &arg_entry_token_type,

src/bootctl/bootctl.c

@@ -67,7 +67,7 @@ sd_json_format_flags_t arg_json_format_flags = SD_JSON_FORMAT_OFF;
 bool arg_arch_all = false;
 char *arg_root = NULL;
 char *arg_image = NULL;
-InstallSource arg_install_source = INSTALL_SOURCE_AUTO;
+InstallSource arg_install_source = ARG_INSTALL_SOURCE_AUTO;
 char *arg_efi_boot_option_description = NULL;
 bool arg_dry_run = false;
 ImagePolicy *arg_image_policy = NULL;
@@ -483,11 +483,11 @@ static int parse_argv(int argc, char *argv[]) {
 
                 case ARG_INSTALL_SOURCE:
                         if (streq(optarg, "auto"))
-                                arg_install_source = INSTALL_SOURCE_AUTO;
+                                arg_install_source = ARG_INSTALL_SOURCE_AUTO;
                         else if (streq(optarg, "image"))
-                                arg_install_source = INSTALL_SOURCE_IMAGE;
+                                arg_install_source = ARG_INSTALL_SOURCE_IMAGE;
                         else if (streq(optarg, "host"))
-                                arg_install_source = INSTALL_SOURCE_HOST;
+                                arg_install_source = ARG_INSTALL_SOURCE_HOST;
                         else
                                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                                        "Unexpected parameter for --install-source=: %s", optarg);
@@ -648,7 +648,7 @@ static int parse_argv(int argc, char *argv[]) {
         if (arg_root && arg_image)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Please specify either --root= or --image=, the combination of both is not supported.");
 
-        if (arg_install_source != INSTALL_SOURCE_AUTO && !arg_root && !arg_image)
+        if (arg_install_source != ARG_INSTALL_SOURCE_AUTO && !arg_root && !arg_image)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "--install-from-host is only supported with --root= or --image=.");
 
         if (arg_dry_run && argv[optind] && !STR_IN_SET(argv[optind], "unlink", "cleanup"))
@@ -697,38 +697,6 @@ static int bootctl_main(int argc, char *argv[]) {
         return dispatch_verb(argc, argv, verbs, NULL);
 }
 
-static int vl_server(void) {
-        _cleanup_(sd_varlink_server_unrefp) sd_varlink_server *varlink_server = NULL;
-        int r;
-
-        /* Invocation as Varlink service */
-
-        r = varlink_server_new(
-                        &varlink_server,
-                        SD_VARLINK_SERVER_ROOT_ONLY,
-                        /* userdata= */ NULL);
-        if (r < 0)
-                return log_error_errno(r, "Failed to allocate Varlink server: %m");
-
-        r = sd_varlink_server_add_interface(varlink_server, &vl_interface_io_systemd_BootControl);
-        if (r < 0)
-                return log_error_errno(r, "Failed to add Varlink interface: %m");
-
-        r = sd_varlink_server_bind_method_many(
-                        varlink_server,
-                        "io.systemd.BootControl.ListBootEntries",     vl_method_list_boot_entries,
-                        "io.systemd.BootControl.SetRebootToFirmware", vl_method_set_reboot_to_firmware,
-                        "io.systemd.BootControl.GetRebootToFirmware", vl_method_get_reboot_to_firmware);
-        if (r < 0)
-                return log_error_errno(r, "Failed to bind Varlink methods: %m");
-
-        r = sd_varlink_server_loop_auto(varlink_server);
-        if (r < 0)
-                return log_error_errno(r, "Failed to run Varlink event loop: %m");
-
-        return 0;
-}
-
 static int run(int argc, char *argv[]) {
         _cleanup_(loop_device_unrefp) LoopDevice *loop_device = NULL;
         _cleanup_(umount_and_freep) char *mounted_dir = NULL;
@@ -740,8 +708,33 @@ static int run(int argc, char *argv[]) {
         if (r <= 0)
                 return r;
 
-        if (arg_varlink)
+        if (arg_varlink) {
-                return vl_server();
+                _cleanup_(sd_varlink_server_unrefp) sd_varlink_server *varlink_server = NULL;
+
+                /* Invocation as Varlink service */
+
+                r = varlink_server_new(&varlink_server, SD_VARLINK_SERVER_ROOT_ONLY, NULL);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to allocate Varlink server: %m");
+
+                r = sd_varlink_server_add_interface(varlink_server, &vl_interface_io_systemd_BootControl);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to add Varlink interface: %m");
+
+                r = sd_varlink_server_bind_method_many(
+                                varlink_server,
+                                "io.systemd.BootControl.ListBootEntries",     vl_method_list_boot_entries,
+                                "io.systemd.BootControl.SetRebootToFirmware", vl_method_set_reboot_to_firmware,
+                                "io.systemd.BootControl.GetRebootToFirmware", vl_method_get_reboot_to_firmware);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to bind Varlink methods: %m");
+
+                r = sd_varlink_server_loop_auto(varlink_server);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to run Varlink event loop: %m");
+
+                return EXIT_SUCCESS;
+        }
 
         if (arg_print_root_device > 0) {
                 _cleanup_free_ char *path = NULL;

src/bootctl/bootctl.h

@@ -4,11 +4,9 @@
 #include "forward.h"
 
 typedef enum InstallSource {
-        INSTALL_SOURCE_IMAGE,
+        ARG_INSTALL_SOURCE_IMAGE,
-        INSTALL_SOURCE_HOST,
+        ARG_INSTALL_SOURCE_HOST,
-        INSTALL_SOURCE_AUTO,
+        ARG_INSTALL_SOURCE_AUTO,
-        _INSTALL_SOURCE_MAX,
-        _INSTALL_SOURCE_INVALID = -EINVAL,
 } InstallSource;
 
 typedef enum GracefulMode {

src/core/job.c

@@ -772,8 +772,8 @@ static void job_emit_done_message(Unit *u, uint32_t job_id, JobType t, JobResult
                 /* No message on the console if the job did not actually do anything due to unmet condition. */
                 if (console_only)
                         return;
-
+                else
-                do_console = false;
+                        do_console = false;
         }
 
         if (!console_only) {  /* Skip printing if output goes to the console, and job_print_status_message()

src/core/manager.c

@@ -137,7 +137,7 @@ static usec_t manager_watch_jobs_next_time(Manager *m) {
                 /* Let the user manager without a timeout show status quickly, so the system manager can make
                  * use of it, if it wants to. */
                 timeout = JOBS_IN_PROGRESS_WAIT_USEC * 2 / 3;
-        else if (manager_get_show_status_on(m))
+        else if (show_status_on(m->show_status))
                 /* When status is on, just use the usual timeout. */
                 timeout = JOBS_IN_PROGRESS_WAIT_USEC;
         else
@@ -4525,10 +4525,10 @@ static bool manager_should_show_status(Manager *m, StatusType type) {
                 return false;
 
         /* If we cannot find out the status properly, just proceed. */
-        if (type < STATUS_TYPE_EMERGENCY && manager_check_ask_password(m) > 0)
+        if (type != STATUS_TYPE_EMERGENCY && manager_check_ask_password(m) > 0)
                 return false;
 
-        if (type >= STATUS_TYPE_NOTICE && manager_get_show_status(m) != SHOW_STATUS_NO)
+        if (type == STATUS_TYPE_NOTICE && m->show_status != SHOW_STATUS_NO)
                 return true;
 
         return manager_get_show_status_on(m);

src/core/unit.c

@@ -1825,15 +1825,7 @@ static bool unit_test_assert(Unit *u) {
         return u->assert_result;
 }
 
-void unit_status_printf(
+void unit_status_printf(Unit *u, StatusType status_type, const char *status, const char *format, const char *ident) {
-                Unit *u,
-                StatusType status_type,
-                const char *status,
-                const char *format,
-                const char *ident) {
-
-        assert(u);
-
         if (log_get_show_color()) {
                 if (u->manager->status_unit_format == STATUS_UNIT_FORMAT_COMBINED && strchr(ident, ' '))
                         ident = strjoina(ANSI_HIGHLIGHT, u->id, ANSI_NORMAL, " - ", u->description);

src/core/unit.h

@@ -52,12 +52,10 @@ typedef enum OOMPolicy {
 } OOMPolicy;
 
 typedef enum StatusType {
-        STATUS_TYPE_EPHEMERAL,   /* ordered by severity! Do not break order */
+        STATUS_TYPE_EPHEMERAL,
         STATUS_TYPE_NORMAL,
         STATUS_TYPE_NOTICE,
         STATUS_TYPE_EMERGENCY,
-        _STATUS_TYPE_MAX,
-        _STATUS_TYPE_INVALID = -EINVAL,
 } StatusType;
 
 static inline bool UNIT_IS_ACTIVE_OR_RELOADING(UnitActiveState t) {

src/run/run.c

@@ -5,7 +5,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/resource.h>
-#include <sys/stat.h>
 #include <unistd.h>
 
 #include "sd-bus.h"

src/shared/boot-entry.h

@@ -11,8 +11,6 @@ typedef enum BootEntryTokenType {
         BOOT_ENTRY_TOKEN_OS_ID,
         BOOT_ENTRY_TOKEN_LITERAL,
         BOOT_ENTRY_TOKEN_AUTO,
-        _BOOT_ENTRY_TOKEN_TYPE_MAX,
-        _BOOT_ENTRY_TOKEN_TYPE_INVALID = -EINVAL,
 } BootEntryTokenType;
 
 bool boot_entry_token_valid(const char *p);

src/shared/libaudit-util.c

@@ -22,7 +22,7 @@ static DLSYM_PROTOTYPE(audit_open) = NULL;
 
 int dlopen_libaudit(void) {
         ELF_NOTE_DLOPEN("libaudit",
-                        "Support for Audit logging",
+                        "Support for Audit loggging",
                         ELF_NOTE_DLOPEN_PRIORITY_RECOMMENDED,
                         "libaudit.so.1");