rules.d: import the keyboard builtin instead of running it

RUN seems to be used primarily for historical reasons over the more
immediate IMPORT command. As a side-effect, RUN also runs *after* all the
rules have been processed which is not really what we want here - we expect
the device to be updated immediately. Other rules that rely on accurate evdev
axes should be able to assume the axes are already present. So let's use
IMPORT here.

For consistency, the second two rules are split across multiple lines as well.

rules.d/60-evdev.rules

@@ -5,19 +5,21 @@ KERNEL!="event*", GOTO="evdev_end"
 
 # skip later rules when we find something for this input device
 IMPORT{builtin}="hwdb --subsystem=input --lookup-prefix=evdev:", \
-  RUN{builtin}+="keyboard", GOTO="evdev_end"
+  IMPORT{builtin}="keyboard", GOTO="evdev_end"
 
 # AT keyboard matching by the machine's DMI data
 DRIVERS=="atkbd", \
   IMPORT{builtin}="hwdb 'evdev:atkbd:$attr{[dmi/id]modalias}'", \
-  RUN{builtin}+="keyboard", GOTO="evdev_end"
+  IMPORT{builtin}="keyboard", GOTO="evdev_end"
 
 # device matching the input device name + properties + the machine's DMI data
-KERNELS=="input*", IMPORT{builtin}="hwdb 'evdev:name:$attr{name}:phys:$attr{phys}:ev:$attr{capabilities/ev}:$attr{[dmi/id]modalias}'", \
-  RUN{builtin}+="keyboard", GOTO="evdev_end"
+KERNELS=="input*", \
+  IMPORT{builtin}="hwdb 'evdev:name:$attr{name}:phys:$attr{phys}:ev:$attr{capabilities/ev}:$attr{[dmi/id]modalias}'", \
+  IMPORT{builtin}="keyboard", GOTO="evdev_end"
 
 # device matching the input device name and the machine's DMI data
-KERNELS=="input*", IMPORT{builtin}="hwdb 'evdev:name:$attr{name}:$attr{[dmi/id]modalias}'", \
-  RUN{builtin}+="keyboard", GOTO="evdev_end"
+KERNELS=="input*", \
+  IMPORT{builtin}="hwdb 'evdev:name:$attr{name}:$attr{[dmi/id]modalias}'", \
+  IMPORT{builtin}="keyboard", GOTO="evdev_end"
 
 LABEL="evdev_end"

src/resolve/resolved-dnstls-openssl.c

@@ -73,7 +73,9 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
                 return -ENOMEM;
 
         SSL_set_connect_state(s);
-        SSL_set_session(s, server->dnstls_data.session);
+        r = SSL_set_session(s, server->dnstls_data.session);
+        if (r == 0)
+                return -EIO;
         SSL_set_bio(s, TAKE_PTR(rb), TAKE_PTR(wb));
 
         if (server->manager->dns_over_tls_mode == DNS_OVER_TLS_YES) {
@@ -83,7 +85,7 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
                 SSL_set_verify(s, SSL_VERIFY_PEER, NULL);
                 v = SSL_get0_param(s);
                 ip = server->family == AF_INET ? (const unsigned char*) &server->address.in.s_addr : server->address.in6.s6_addr;
-                if (!X509_VERIFY_PARAM_set1_ip(v, ip, FAMILY_ADDRESS_SIZE(server->family)))
+                if (X509_VERIFY_PARAM_set1_ip(v, ip, FAMILY_ADDRESS_SIZE(server->family)) == 0)
                         return -ECONNREFUSED;
         }
 
@@ -106,8 +108,8 @@ int dnstls_stream_connect_tls(DnsStream *stream, DnsServer *server) {
                         char errbuf[256];
 
                         ERR_error_string_n(error, errbuf, sizeof(errbuf));
-                        log_debug("Failed to invoke SSL_do_handshake: %s", errbuf);
-                        return -ECONNREFUSED;
+                        return log_debug_errno(SYNTHETIC_ERRNO(ECONNREFUSED),
+                                               "Failed to invoke SSL_do_handshake: %s", errbuf);
                 }
         }
 
@@ -368,20 +370,27 @@ void dnstls_server_free(DnsServer *server) {
 
 int dnstls_manager_init(Manager *manager) {
         int r;
+
         assert(manager);
 
         ERR_load_crypto_strings();
         SSL_load_error_strings();
-        manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
 
+        manager->dnstls_data.ctx = SSL_CTX_new(TLS_client_method());
         if (!manager->dnstls_data.ctx)
                 return -ENOMEM;
 
-        SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
-        SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
+        r = SSL_CTX_set_min_proto_version(manager->dnstls_data.ctx, TLS1_2_VERSION);
+        if (r == 0)
+                return -EIO;
+
+        (void) SSL_CTX_set_options(manager->dnstls_data.ctx, SSL_OP_NO_COMPRESSION);
+
         r = SSL_CTX_set_default_verify_paths(manager->dnstls_data.ctx);
-        if (r < 0)
-                log_warning("Failed to load system trust store: %s", ERR_error_string(ERR_get_error(), NULL));
+        if (r == 0)
+                return log_warning_errno(SYNTHETIC_ERRNO(EIO),
+                                         "Failed to load system trust store: %s",
+                                         ERR_error_string(ERR_get_error(), NULL));
 
         return 0;
 }