bpf-firewall: invert test

Following our coding style of exiting early (instead of deep nesting),
let's invert the if check here.

Inspired by: https://github.com/systemd/systemd/pull/21602#pullrequestreview-919960060

TODO

@@ -78,6 +78,8 @@ Janitorial Clean-ups:
 
 Features:
 
+* improve scope units to support creation by pidfd instead of by PID
+
 * deprecate cgroupsv1 (i.e. taint system with it, print log message at boot)
 
 * systemd-dissect: add --cat switch for dumping files such as /etc/os-release

src/core/bpf-firewall.c

@@ -927,16 +927,17 @@ void emit_bpf_firewall_warning(Unit *u) {
         assert(u);
         assert(u->manager);
 
-        if (!warned && !MANAGER_IS_TEST_RUN(u->manager)) {
-                bool quiet = bpf_firewall_unsupported_reason == -EPERM && detect_container() > 0;
+        if (warned || MANAGER_IS_TEST_RUN(u->manager))
+                return;
 
-                log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
-                                    "unit configures an IP firewall, but %s.\n"
-                                    "(This warning is only shown for the first unit using IP firewalling.)",
-                                    getuid() != 0 ? "not running as root" :
-                                                    "the local system does not support BPF/cgroup firewalling");
-                warned = true;
-        }
+        bool quiet = ERRNO_IS_PRIVILEGE(bpf_firewall_unsupported_reason) && detect_container() > 0;
+
+        log_unit_full_errno(u, quiet ? LOG_DEBUG : LOG_WARNING, bpf_firewall_unsupported_reason,
+                            "unit configures an IP firewall, but %s.\n"
+                            "(This warning is only shown for the first unit using IP firewalling.)",
+                            getuid() != 0 ? "not running as root" :
+                            "the local system does not support BPF/cgroup firewalling");
+        warned = true;
 }
 
 void bpf_firewall_close(Unit *u) {

src/cryptsetup/cryptsetup.c

@@ -1414,7 +1414,7 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
 
                         if (is_efi_boot() && !efi_has_tpm2())
                                 return log_notice_errno(SYNTHETIC_ERRNO(EAGAIN),
-                                                        "No TPM2 hardware discovered and EFI bios indicates no support for it either, assuming TPM2-less system, falling back to traditional unocking.");
+                                                        "No TPM2 hardware discovered and EFI bios indicates no support for it either, assuming TPM2-less system, falling back to traditional unlocking.");
 
                         r = make_tpm2_device_monitor(&event, &monitor);
                         if (r < 0)

src/journal-remote/journal-remote-main.c

@@ -46,7 +46,11 @@ static const char* arg_output = NULL;
 static char *arg_key = NULL;
 static char *arg_cert = NULL;
 static char *arg_trust = NULL;
+#if HAVE_GNUTLS
 static bool arg_trust_all = false;
+#else
+static bool arg_trust_all = true;
+#endif
 
 STATIC_DESTRUCTOR_REGISTER(arg_gnutls_log, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_key, freep);
@@ -931,6 +935,7 @@ static int parse_argv(int argc, char *argv[]) {
                         break;
 
                 case ARG_TRUST:
+#if HAVE_GNUTLS
                         if (arg_trust || arg_trust_all)
                                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                                        "Confusing trusted CA configuration");
@@ -938,16 +943,14 @@ static int parse_argv(int argc, char *argv[]) {
                         if (streq(optarg, "all"))
                                 arg_trust_all = true;
                         else {
-#if HAVE_GNUTLS
                                 arg_trust = strdup(optarg);
                                 if (!arg_trust)
                                         return log_oom();
-#else
-                                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                                       "Option --trust is not available.");
-#endif
                         }
-
+#else
+                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                               "Option --trust is not available.");
+#endif
                         break;
 
                 case 'o':

src/journal-remote/microhttpd-util.c

@@ -299,7 +299,7 @@ int check_permissions(struct MHD_Connection *connection, int *code, char **hostn
 
 #else
 int check_permissions(struct MHD_Connection *connection, int *code, char **hostname) {
-        return -EPERM;
+        assert_not_reached();
 }
 
 int setup_gnutls_logger(char **categories) {

src/login/logind-user.c

@@ -638,7 +638,7 @@ static bool user_unit_active(User *u) {
 
                 r = manager_unit_is_active(u->manager, i, &error);
                 if (r < 0)
-                        log_debug_errno(r, "Failed to determine whether unit '%s' is active, ignoring: %s", u->service, bus_error_message(&error, r));
+                        log_debug_errno(r, "Failed to determine whether unit '%s' is active, ignoring: %s", i, bus_error_message(&error, r));
                 if (r != 0)
                         return true;
         }