From 7f5ef7c04a24ede94a31a7e7820d9d03b9522bd5 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <ueno@gnu.org>
Date: Fri, 12 Jun 2020 08:31:42 +0200
Subject: [PATCH] anchor: Exit with non-zero code, if any error occurs

Suggested by Nikos Mavrogiannopoulos in:
https://github.com/p11-glue/p11-kit/issues/300
---
 trust/anchor.c | 35 ++++++++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 11 deletions(-)

diff --git a/trust/anchor.c b/trust/anchor.c
index a232ead..2f0aba6 100644
--- a/trust/anchor.c
+++ b/trust/anchor.c
@@ -458,8 +458,9 @@ find_anchor (CK_FUNCTION_LIST *module,
 
 static int
 anchor_store (int argc,
-              char *argv[],
-              bool *changed)
+	      char *argv[],
+	      bool *changed,
+	      unsigned int *errors)
 {
 	CK_ATTRIBUTE *attrs;
 	CK_FUNCTION_LIST *module = NULL;
@@ -509,6 +510,9 @@ anchor_store (int argc,
 		}
 	}
 
+	if (ret != 0)
+		*errors = 1;
+
 	p11_array_free (anchors);
 	p11_kit_module_finalize (module);
 	p11_kit_module_release (module);
@@ -537,7 +541,8 @@ description_for_object_at_iter (p11_kit_iter *iter)
 
 static bool
 remove_all (p11_kit_iter *iter,
-            bool *changed)
+	    bool *changed,
+	    unsigned int *errors)
 {
 	const char *desc;
 	CK_RV rv;
@@ -549,28 +554,28 @@ remove_all (p11_kit_iter *iter,
 		switch (rv) {
 		case CKR_OK:
 			*changed = true;
-			/* fall through */
-		case CKR_OBJECT_HANDLE_INVALID:
 			continue;
 		case CKR_TOKEN_WRITE_PROTECTED:
 		case CKR_SESSION_READ_ONLY:
 		case CKR_ATTRIBUTE_READ_ONLY:
 			p11_message ("couldn't remove read-only %s", desc);
-			continue;
+			break;
 		default:
 			p11_message ("couldn't remove %s: %s", desc,
 			             p11_kit_strerror (rv));
 			break;
 		}
+		(*errors)++;
 	}
 
-	return (rv == CKR_CANCEL);
+	return (rv == CKR_CANCEL) && *errors == 0;
 }
 
 static int
 anchor_remove (int argc,
                char *argv[],
-               bool *changed)
+               bool *changed,
+	       unsigned int *errors)
 {
 	CK_FUNCTION_LIST **modules;
 	p11_array *iters;
@@ -595,7 +600,7 @@ anchor_remove (int argc,
 		iter = iters->elem[i];
 
 		p11_kit_iter_begin (iter, modules);
-		if (!remove_all (iter, changed))
+		if (!remove_all (iter, changed, errors))
 			ret = 1;
 	}
 
@@ -610,6 +615,7 @@ p11_trust_anchor (int argc,
                   char **argv)
 {
 	bool changed = false;
+	unsigned int errors = 0;
 	int action = 0;
 	int opt;
 	int ret = 0;
@@ -674,14 +680,21 @@ p11_trust_anchor (int argc,
 
 	/* Store is different, and only accepts files */
 	if (action == opt_store)
-		ret = anchor_store (argc, argv, &changed);
+		ret = anchor_store (argc, argv, &changed, &errors);
 
 	else if (action == opt_remove)
-		ret = anchor_remove (argc, argv, &changed);
+		ret = anchor_remove (argc, argv, &changed, &errors);
 
 	else
 		assert_not_reached ();
 
+	if (errors > 0) {
+		if (errors == 1)
+			p11_message ("%u error while processing", errors);
+		else
+			p11_message ("%u errors while processing", errors);
+	}
+
 	/* Extract the compat bundles after modification */
 	if (ret == 0 && changed) {
 		char *args[] = { argv[0], NULL };
-- 
1.8.3.1