Comment # 8 on bug 1191260 from 
(In reply to Michal Suchanek from comment #7)

> There are branches that do nothing and branch that complains about wrong
> scriptlet.

So what? What's the benefit of running the noop branch, or seeing that
complaint on systems where the entire concept of certificates doesn't matter?

By definition, cert-script is a noop on systems that don't support UEFI.
Therefore exiting early (and without a warning, which would just confuse users
without good reason) on such a system is the right thing to do. As a side
effect, it makes the code more compact and easier to read.

> Exiting early because the test is needed on all branches now is prone to the
> same problem as we had with IFS in find-provides.ksyms. The test is
> completely separated from the code in question.

No. The problem in find-provides.ksyms was not the early check, but the fact
that IFS was mangled, which is about the dirtiest thing that you can do in
shell programming. If a program can determine early on that it has no purpose,
quitting immediately is reasonable and clean. The scriptlet is small enough
that even in the extremely unlikely case that some time in the future we'll add
some certificate handling on non-UEFI systems, we'll figure out how to skip the
test.

You are receiving this mail because: