Merge pull request #27261 from keszybz/test-cleanup

Cleanup syntax and use idiomatic bash in test scripts
2025-02-03 17:47:28 +03:00 · 2023-04-25 11:41:27 +02:00 · 2023-04-25 11:41:27 +02:00 · 9203abf79f
commit 9203abf79f
parent 797f6cc514 4481a30855
30 changed files with 260 additions and 291 deletions
--- a/test/units/testsuite-03.sh
+++ b/test/units/testsuite-03.sh
@ -34,11 +34,11 @@ grep 'hello\.service' /root/list-jobs.txt && exit 1
 systemctl stop sleep.service hello-after-sleep.target

 # Some basic testing that --show-transaction does something useful
-systemctl is-active systemd-importd && { echo 'unexpected success'; exit 1; }
+(! systemctl is-active systemd-importd)
 systemctl -T start systemd-importd
 systemctl is-active systemd-importd
 systemctl --show-transaction stop systemd-importd
-systemctl is-active systemd-importd && { echo 'unexpected success'; exit 1; }
+(! systemctl is-active systemd-importd)

 # Test for a crash when enqueuing a JOB_NOP when other job already exists
 systemctl start --no-block hello-after-sleep.target
@ -95,7 +95,7 @@ ELAPSED=$((END_SEC-START_SEC))

 # wait5fail fails, so systemctl should fail
 START_SEC=$(date -u '+%s')
-systemctl start --wait wait2.service wait5fail.service && { echo 'unexpected success'; exit 1; }
+(! systemctl start --wait wait2.service wait5fail.service)
 END_SEC=$(date -u '+%s')
 ELAPSED=$((END_SEC-START_SEC))
 [[ "$ELAPSED" -ge 5 ]] && [[ "$ELAPSED" -le 7 ]] || exit 1
--- a/test/units/testsuite-04.sh
+++ b/test/units/testsuite-04.sh
@ -74,10 +74,10 @@ journalctl -b -o export --output-fields=MESSAGE,FOO --output-fields=PRIORITY,MES
 grep -q '^__CURSOR=' /output
 grep -q '^MESSAGE=foo$' /output
 grep -q '^PRIORITY=6$' /output
-grep '^FOO=' /output && { echo 'unexpected success'; exit 1; }
-grep '^SYSLOG_FACILITY=' /output && { echo 'unexpected success'; exit 1; }
+(! grep '^FOO=' /output)
+(! grep '^SYSLOG_FACILITY=' /output)

-# `-b all` negates earlier use of -b (-b and -m are otherwise exclusive)
+# '-b all' negates earlier use of -b (-b and -m are otherwise exclusive)
 journalctl -b -1 -b all -m >/dev/null

 # -b always behaves like -b0
@ -212,11 +212,7 @@ function is_xattr_supported() {
    END=$(date '+%Y-%m-%d %T.%6N')
    systemctl stop text_xattr

-    if journalctl -q -u "text_xattr" -S "$START" -U "$END" --grep "Failed to set 'user.journald_log_filter_patterns' xattr.*not supported$"; then
-        return 1
-    fi
-
-    return 0
+    ! journalctl -q -u "text_xattr" -S "$START" -U "$END" --grep "Failed to set 'user.journald_log_filter_patterns' xattr.*not supported$"
 }

 if is_xattr_supported; then
@ -279,9 +275,9 @@ test "$SEQNUM2" -gt "$SEQNUM1"
 JTMP="/var/tmp/jtmp-$RANDOM"
 mkdir "$JTMP"

-( cd /test-journals/1 && for f in *.zst ; do unzstd < "$f" > "$JTMP/${f%.zst}" ; done )
+( cd /test-journals/1 && for f in *.zst; do unzstd "$f" -o "$JTMP/${f%.zst}"; done )

-journalctl --directory="$JTMP" --list-boots --output=json > /tmp/lb1
+journalctl --directory="$JTMP" --list-boots --output=json >/tmp/lb1

 diff -u /tmp/lb1 - <<'EOF'
 [{"index":-3,"boot_id":"5ea5fc4f82a14186b5332a788ef9435e","first_entry":1666569600994371,"last_entry":1666584266223608},{"index":-2,"boot_id":"bea6864f21ad4c9594c04a99d89948b0","first_entry":1666584266731785,"last_entry":1666584347230411},{"index":-1,"boot_id":"4c708e1fd0744336be16f3931aa861fb","first_entry":1666584348378271,"last_entry":1666584354649355},{"index":0,"boot_id":"35e8501129134edd9df5267c49f744a4","first_entry":1666584356661527,"last_entry":1666584438086856}]
--- a/test/units/testsuite-17.06.sh
+++ b/test/units/testsuite-17.06.sh
@ -16,20 +16,18 @@ function check_validity() {
 }

 function check() {
-    local i j
-
-    for ((i = 0; i < 2; i++)); do
+    for _ in {1..2}; do
        systemctl restart systemd-udevd.service
        udevadm control --ping
        udevadm settle
        check_validity

-        for ((j = 0; j < 2; j++)); do
+        for _ in {1..2}; do
            udevadm trigger -w --action add --subsystem-match=block
            check_validity
        done

-        for ((j = 0; j < 2; j++)); do
+        for _ in {1..2}; do
            udevadm trigger -w --action change --subsystem-match=block
            check_validity
        done
--- a/test/units/testsuite-17.07.sh
+++ b/test/units/testsuite-17.07.sh
@ -8,8 +8,8 @@ set -o pipefail

 wait_service_active() {(
    set +ex
-    for (( i = 0; i < 20; i++ )); do
-        if (( i != 0 )); then sleep 0.5; fi
+    for i in {1..20}; do
+        (( i > 1 )) && sleep 0.5
        if systemctl --quiet is-active "${1?}"; then
            return 0
        fi
@ -19,8 +19,8 @@ wait_service_active() {(

 wait_service_inactive() {(
    set +ex
-    for (( i = 0; i < 20; i++ )); do
-        if (( i != 0 )); then sleep 0.5; fi
+    for i in {1..20}; do
+        (( i > 1 )) && sleep 0.5
        systemctl --quiet is-active "${1?}"
        if [[ "$?" == "3" ]]; then
            return 0
--- a/test/units/testsuite-17.08.sh
+++ b/test/units/testsuite-17.08.sh
@ -18,8 +18,8 @@ EOF
 udevadm control --reload

 udevadm trigger --settle --action add /dev/null
-for ((i = 0; i < 20; i++)); do
-    ((i == 0)) || sleep .5
+for i in {1..20}; do
+    ((i > 1)) && sleep .5

    (
        systemctl -q is-active /dev/test/symlink-to-null-on-add
@ -34,8 +34,8 @@ assert_rc 0 systemctl -q is-active /sys/test/alias-to-null-on-add
 assert_rc 3 systemctl -q is-active /sys/test/alias-to-null-on-change

 udevadm trigger --settle --action change /dev/null
-for ((i = 0; i < 20; i++)); do
-    ((i == 0)) || sleep .5
+for i in {1..20}; do
+    ((i > 1)) && sleep .5

    (
        ! systemctl -q is-active /dev/test/symlink-to-null-on-add
@ -50,8 +50,8 @@ assert_rc 3 systemctl -q is-active /sys/test/alias-to-null-on-add
 assert_rc 0 systemctl -q is-active /sys/test/alias-to-null-on-change

 udevadm trigger --settle --action add /dev/null
-for ((i = 0; i < 20; i++)); do
-    ((i == 0)) || sleep .5
+for i in {1..20}; do
+    ((i > 1)) && sleep .5

    (
        systemctl -q is-active /dev/test/symlink-to-null-on-add
--- a/test/units/testsuite-17.09.sh
+++ b/test/units/testsuite-17.09.sh
@ -15,7 +15,7 @@ KERNEL!="null", GOTO="test-end"
 ACTION=="remove", GOTO="test-end"

 # add 100 * 100byte of properties
-$(for ((i = 0; i < 100; i++)); do printf 'ENV{XXX%03i}="0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789"\n' "$i"; done)
+$(for i in {1..100}; do printf 'ENV{XXX%03i}="0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789"\n' "$i"; done)

 LABEL="test-end"
 EOF
@ -46,7 +46,7 @@ for _ in {1..40}; do
    fi

    FOUND=1
-    for ((i = 0; i < 100; i++)); do
+    for i in {1..100}; do
        if ! grep -F "$(printf 'XXX%03i=0123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789' "$i")" "$TMPDIR"/monitor.txt; then
            FOUND=
            break
--- a/test/units/testsuite-18.sh
+++ b/test/units/testsuite-18.sh
@ -4,7 +4,7 @@ set -eux
 set -o pipefail

 systemd-run --wait -p FailureAction=poweroff true
-systemd-run --wait -p SuccessAction=poweroff false && { echo 'unexpected success'; exit 1; }
+(! systemd-run --wait -p SuccessAction=poweroff false)

 if ! test -f /firstphase ; then
    echo OK >/firstphase
--- a/test/units/testsuite-20.sh
+++ b/test/units/testsuite-20.sh
@ -128,16 +128,16 @@ chmod 755 /dev/shm/test-mainpid3.sh

 # This has to fail, as we shouldn't accept the dangerous PID file, and then
 # inotify-wait on it to be corrected which we never do.
-systemd-run --unit=test-mainpidsh3.service \
-            -p StandardOutput=tty \
-            -p StandardError=tty \
-            -p Type=forking \
-            -p RuntimeDirectory=mainpidsh3 \
-            -p PIDFile=/run/mainpidsh3/pid \
-            -p DynamicUser=1 \
-            -p TimeoutStartSec=2s \
-            /dev/shm/test-mainpid3.sh \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-run \
+    --unit=test-mainpidsh3.service \
+    -p StandardOutput=tty \
+    -p StandardError=tty \
+    -p Type=forking \
+    -p RuntimeDirectory=mainpidsh3 \
+    -p PIDFile=/run/mainpidsh3/pid \
+    -p DynamicUser=1 \
+    -p TimeoutStartSec=2s \
+    /dev/shm/test-mainpid3.sh)

 # Test that this failed due to timeout, and not some other error
 test "$(systemctl show -P Result test-mainpidsh3.service)" = timeout
--- a/test/units/testsuite-22.03.sh
+++ b/test/units/testsuite-22.03.sh
@ -38,7 +38,7 @@ test "$(stat -c %U:%G:%a /tmp/f/1)" = "daemon:daemon:666"
 mkfifo /tmp/f/fifo
 chmod 644 /tmp/f/fifo

-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 f     /tmp/f/fifo    0666 daemon daemon - This string should not be written
 EOF

@ -49,7 +49,7 @@ test "$(stat -c %U:%G:%a /tmp/f/fifo)" = "root:root:644"
 ln -s missing /tmp/f/dangling
 ln -s /tmp/file-owned-by-root /tmp/f/symlink

-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 f     /tmp/f/dangling    0644 daemon daemon - -
 f     /tmp/f/symlink     0644 daemon daemon - -
 EOF
@ -71,12 +71,12 @@ f     /tmp/f/ro-fs/foo    0644 - - - - This string should not be written
 EOF
 test -f /tmp/f/ro-fs/foo; test ! -s /tmp/f/ro-fs/foo

-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 f     /tmp/f/ro-fs/foo    0666 - - - -
 EOF
 test "$(stat -c %U:%G:%a /tmp/f/fifo)" = "root:root:644"

-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 f     /tmp/f/ro-fs/bar    0644 - - - -
 EOF
 test ! -e /tmp/f/ro-fs/bar
@ -86,7 +86,7 @@ mkdir /tmp/f/daemon
 ln -s /root /tmp/f/daemon/unsafe-symlink
 chown -R --no-dereference daemon:daemon /tmp/f/daemon

-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 f     /tmp/f/daemon/unsafe-symlink/exploit    0644 daemon daemon - -
 EOF
 test ! -e /tmp/f/daemon/unsafe-symlink/exploit
@ -116,7 +116,7 @@ test "$(stat -c %U:%G:%a /tmp/F/truncated-with-content)" = "daemon:daemon:666"
 ### unspecified in the other cases.
 mkfifo /tmp/F/fifo

-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 F     /tmp/F/fifo                0644 - - - -
 EOF

@ -126,7 +126,7 @@ test -p /tmp/F/fifo
 ln -s missing /tmp/F/dangling
 ln -s /tmp/file-owned-by-root /tmp/F/symlink

-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 f     /tmp/F/dangling    0644 daemon daemon - -
 f     /tmp/F/symlink     0644 daemon daemon - -
 EOF
@ -149,11 +149,11 @@ EOF
 test -f /tmp/F/ro-fs/foo; test ! -s /tmp/F/ro-fs/foo

 echo "truncating is not allowed anymore" >/tmp/F/rw-fs/foo
-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 F     /tmp/F/ro-fs/foo    0644 - - - -
 EOF

-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 F     /tmp/F/ro-fs/foo    0644 - - - - This string should not be written
 EOF
 test -f /tmp/F/ro-fs/foo
@ -161,13 +161,13 @@ grep -q 'truncating is not allowed' /tmp/F/ro-fs/foo

 # Trying to change the perms should fail.
 : >/tmp/F/rw-fs/foo
-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 F     /tmp/F/ro-fs/foo    0666 - - - -
 EOF
 test "$(stat -c %U:%G:%a /tmp/F/ro-fs/foo)" = "root:root:644"

 ### Try to create a new file.
-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 F     /tmp/F/ro-fs/bar    0644 - - - -
 EOF
 test ! -e /tmp/F/ro-fs/bar
@ -177,7 +177,7 @@ mkdir /tmp/F/daemon
 ln -s /root /tmp/F/daemon/unsafe-symlink
 chown -R --no-dereference daemon:daemon /tmp/F/daemon

-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 F     /tmp/F/daemon/unsafe-symlink/exploit    0644 daemon daemon - -
 EOF
 test ! -e /tmp/F/daemon/unsafe-symlink/exploit
@ -195,7 +195,7 @@ EOF
 test ! -e /tmp/w/unexistent

 ### no argument given -> fails.
-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 w     /tmp/w/unexistent    0644 - - - -
 EOF

@ -240,7 +240,7 @@ mkdir /tmp/w/daemon
 ln -s /root /tmp/w/daemon/unsafe-symlink
 chown -R --no-dereference daemon:daemon /tmp/w/daemon

-systemd-tmpfiles --create - <<EOF && { echo 'unexpected success'; exit 1; }
+(! systemd-tmpfiles --create -) <<EOF
 f     /tmp/w/daemon/unsafe-symlink/exploit    0644 daemon daemon - -
 EOF
 test ! -e /tmp/w/daemon/unsafe-symlink/exploit
--- a/test/units/testsuite-22.08.sh
+++ b/test/units/testsuite-22.08.sh
@ -22,11 +22,9 @@ test -d /tmp/root/test2
 # Verify the command fails to write to a root-owned subdirectory under an
 # unprivileged user's directory when it's not part of the prefix, as expected
 # by the unsafe_transition function.
-echo 'd /tmp/user/root/test' | systemd-tmpfiles --create - \
-    && { echo 'unexpected success'; exit 1; }
+echo 'd /tmp/user/root/test' | (! systemd-tmpfiles --create -)
 test ! -e /tmp/user/root/test
-echo 'd /user/root/test' | systemd-tmpfiles --root=/tmp --create - \
-    && { echo 'unexpected success'; exit 1; }
+echo 'd /user/root/test' | (! systemd-tmpfiles --root=/tmp --create -)
 test ! -e /tmp/user/root/test

 # Verify the above works when all user-owned directories are in the prefix.
--- a/test/units/testsuite-23.sh
+++ b/test/units/testsuite-23.sh
@ -16,8 +16,8 @@ systemd-run --unit=three -p Type=simple /tmp/brokenbinary

 # And now, do the same with Type=exec, where the latter two should fail
 systemd-run --unit=four -p Type=exec /bin/sleep infinity
-systemd-run --unit=five -p Type=exec -p User=idontexist /bin/sleep infinity && { echo 'unexpected success'; exit 1; }
-systemd-run --unit=six -p Type=exec /tmp/brokenbinary && { echo 'unexpected success'; exit 1; }
+(! systemd-run --unit=five -p Type=exec -p User=idontexist /bin/sleep infinity)
+(! systemd-run --unit=six -p Type=exec /tmp/brokenbinary)

 systemd-run --unit=seven -p KillSignal=SIGTERM -p RestartKillSignal=SIGINT -p Type=exec /bin/sleep infinity
 # Both TERM and SIGINT happen to have the same number on all architectures
@ -31,32 +31,32 @@ systemctl stop seven.service

 # Should work normally
 busctl call \
-  org.freedesktop.systemd1 /org/freedesktop/systemd1 \
-  org.freedesktop.systemd1.Manager StartTransientUnit \
-  "ssa(sv)a(sa(sv))" test-20933-ok.service replace 1 \
-    ExecStart "a(sasb)" 1 \
-      /usr/bin/sleep 2 /usr/bin/sleep 1 true \
-  0
+    org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+    org.freedesktop.systemd1.Manager StartTransientUnit \
+    "ssa(sv)a(sa(sv))" test-20933-ok.service replace 1 \
+      ExecStart "a(sasb)" 1 \
+        /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+    0

 # DBus call should fail but not crash systemd
-busctl call \
-  org.freedesktop.systemd1 /org/freedesktop/systemd1 \
-  org.freedesktop.systemd1.Manager StartTransientUnit \
-  "ssa(sv)a(sa(sv))" test-20933-bad.service replace 1 \
-    ExecStart "a(sasb)" 1 \
-      /usr/bin/sleep 0 true \
-  0 && { echo 'unexpected success'; exit 1; }
+(! busctl call \
+    org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+    org.freedesktop.systemd1.Manager StartTransientUnit \
+    "ssa(sv)a(sa(sv))" test-20933-bad.service replace 1 \
+      ExecStart "a(sasb)" 1 \
+        /usr/bin/sleep 0 true \
+    0)

 # Same but with the empty argv in the middle
-busctl call \
-  org.freedesktop.systemd1 /org/freedesktop/systemd1 \
-  org.freedesktop.systemd1.Manager StartTransientUnit \
-  "ssa(sv)a(sa(sv))" test-20933-bad-middle.service replace 1 \
-    ExecStart "a(sasb)" 3 \
-      /usr/bin/sleep 2 /usr/bin/sleep 1 true \
-      /usr/bin/sleep 0                  true \
-      /usr/bin/sleep 2 /usr/bin/sleep 1 true \
-  0 && { echo 'unexpected success'; exit 1; }
+(! busctl call \
+    org.freedesktop.systemd1 /org/freedesktop/systemd1 \
+    org.freedesktop.systemd1.Manager StartTransientUnit \
+    "ssa(sv)a(sa(sv))" test-20933-bad-middle.service replace 1 \
+      ExecStart "a(sasb)" 3 \
+        /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+        /usr/bin/sleep 0                  true \
+        /usr/bin/sleep 2 /usr/bin/sleep 1 true \
+    0)

 systemd-analyze log-level info

--- a/test/units/testsuite-25.sh
+++ b/test/units/testsuite-25.sh
@ -36,7 +36,7 @@ cmp /var/tmp/testimage.raw /var/lib/machines/testimage3.raw
 # Test removal
 machinectl remove testimage
 test ! -f /var/lib/machines/testimage.raw
-machinectl image-status testimage && { echo 'unexpected success'; exit 1; }
+(! machinectl image-status testimage)

 # Test export of clone
 machinectl export-raw testimage3 /var/tmp/testimage3.raw
@ -48,7 +48,7 @@ machinectl rename testimage3 testimage4
 test -f /var/lib/machines/testimage4.raw
 machinectl image-status testimage4
 test ! -f /var/lib/machines/testimage3.raw
-machinectl image-status testimage3 && { echo 'unexpected success'; exit 1; }
+(! machinectl image-status testimage3)
 cmp /var/tmp/testimage.raw /var/lib/machines/testimage4.raw

 # Test export of rename
@ -59,7 +59,7 @@ rm /var/tmp/testimage4.raw
 # Test removal
 machinectl remove testimage4
 test ! -f /var/lib/machines/testimage4.raw
-machinectl image-status testimage4 && { echo 'unexpected success'; exit 1; }
+(! machinectl image-status testimage4)

 # → And now, let's test directory trees ← #

@ -92,7 +92,7 @@ diff -r /var/tmp/scratch/ /var/lib/machines/scratch2
 # Test removal
 machinectl remove scratch
 test ! -f /var/lib/machines/scratch
-machinectl image-status scratchi && { echo 'unexpected success'; exit 1; }
+(! machinectl image-status scratch)

 # Test clone
 machinectl clone scratch2 scratch3
@ -105,20 +105,20 @@ diff -r /var/tmp/scratch/ /var/lib/machines/scratch3
 # Test removal
 machinectl remove scratch2
 test ! -f /var/lib/machines/scratch2
-machinectl image-status scratch2 && { echo 'unexpected success'; exit 1; }
+(! machinectl image-status scratch2)

 # Test rename
 machinectl rename scratch3 scratch4
 test -d /var/lib/machines/scratch4
 machinectl image-status scratch4
 test ! -f /var/lib/machines/scratch3
-machinectl image-status scratch3 && { echo 'unexpected success'; exit 1; }
+(! machinectl image-status scratch3)
 diff -r /var/tmp/scratch/ /var/lib/machines/scratch4

 # Test removal
 machinectl remove scratch4
 test ! -f /var/lib/machines/scratch4
-machinectl image-status scratch4 && { echo 'unexpected success'; exit 1; }
+(! machinectl image-status scratch4)

 # Test import-tar hyphen/stdin pipe behavior
 # shellcheck disable=SC2002
@ -138,7 +138,7 @@ rm -rf /var/tmp/scratch
 # Test removal
 machinectl remove scratch5
 test ! -f /var/lib/machines/scratch5
-machinectl image-status scratch5 && { echo 'unexpected success'; exit 1; }
+(! machinectl image-status scratch5)

 echo OK >/testok

--- a/test/units/testsuite-33.sh
+++ b/test/units/testsuite-33.sh
@ -33,7 +33,7 @@ test -d /var/lib/test-service
 test -d /var/cache/test-service
 test -d /var/log/test-service

-systemctl clean test-service && { echo 'unexpected success'; exit 1; }
+(! systemctl clean test-service)

 systemctl stop test-service

@ -108,7 +108,7 @@ test -L /var/lib/test-service
 test -L /var/cache/test-service
 test -L /var/log/test-service

-systemctl clean test-service && { echo 'unexpected success'; exit 1; }
+(! systemctl clean test-service)

 systemctl stop test-service

@ -197,7 +197,7 @@ test -d /var/lib/hoge
 test -d /var/cache/hoge
 test -d /var/log/hoge

-systemctl clean tmp-hoge.mount && { echo 'unexpected success'; exit 1; }
+(! systemctl clean tmp-hoge.mount)

 test -d /etc/hoge
 test -d /run/hoge
@ -273,7 +273,7 @@ test -d /var/lib/test-socket
 test -d /var/cache/test-socket
 test -d /var/log/test-socket

-systemctl clean test-service.socket && { echo 'unexpected success'; exit 1; }
+(! systemctl clean test-service.socket)

 systemctl stop test-service.socket

--- a/test/units/testsuite-34.sh
+++ b/test/units/testsuite-34.sh
@ -22,8 +22,7 @@ test_directory() {
    systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:yyy test -f "${path}"/yyy/test
    systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}=zzz:xxx zzz:xxx2" -p TemporaryFileSystem="${path}" bash -c "test -f ${path}/xxx/test && test -f ${path}/xxx2/test"
    systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}":ro test -f "${path}"/xxx/test
-    systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing \
-        && { echo 'unexpected success'; exit 1; }
+    (! systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing)

    test -d "${path}"/zzz
    test ! -L "${path}"/zzz
@ -47,8 +46,7 @@ test_directory() {
    systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}=zzz:xxx zzz:xxx2" \
                -p TemporaryFileSystem="${path}" -p EnvironmentFile=-/usr/lib/systemd/systemd-asan-env bash -c "test -f ${path}/xxx/test && test -f ${path}/xxx2/test"
    systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}":ro test -f "${path}"/xxx/test
-    systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing \
-        && { echo 'unexpected success'; exit 1; }
+    (! systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=1 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing)

    test -L "${path}"/zzz
    test -d "${path}"/private/zzz
@ -71,8 +69,7 @@ test_directory() {
    systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}" test -f "${path}"/xxx/test
    systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}=zzz:xxx zzz:xxx2" -p TemporaryFileSystem="${path}" bash -c "test -f ${path}/xxx/test && test -f ${path}/xxx2/test"
    systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz:xxx -p TemporaryFileSystem="${path}":ro test -f "${path}"/xxx/test
-    systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing \
-        && { echo 'unexpected success'; exit 1; }
+    (! systemd-run --wait -p RuntimeDirectoryPreserve=yes -p DynamicUser=0 -p "${directory}"=zzz test -f "${path}"/zzz/test-missing)

    test -d "${path}"/zzz
    test ! -L "${path}"/zzz
--- a/test/units/testsuite-35.sh
+++ b/test/units/testsuite-35.sh
@ -330,8 +330,8 @@ EOF
    systemctl restart getty@tty2.service

    # check session
-    for ((i = 0; i < 30; i++)); do
-        (( i != 0 )) && sleep 1
+    for i in {1..30}; do
+        (( i > 1 )) && sleep 1
        check_session && break
    done
    check_session
--- a/test/units/testsuite-39.sh
+++ b/test/units/testsuite-39.sh
@ -20,7 +20,7 @@ systemctl daemon-reload
 systemctl start "$SERVICE_NAME"
 systemctl status "$SERVICE_NAME"
 # The reload SHOULD fail but SHOULD NOT affect the service state
-systemctl reload "$SERVICE_NAME" && { echo 'unexpected success'; exit 1; }
+(! systemctl reload "$SERVICE_NAME")
 systemctl status "$SERVICE_NAME"
 systemctl stop "$SERVICE_NAME"

@ -38,7 +38,7 @@ systemctl daemon-reload
 systemctl start "$SERVICE_NAME"
 systemctl status "$SERVICE_NAME"
 # The reload SHOULD fail but SHOULD NOT affect the service state
-systemctl reload "$SERVICE_NAME" && { echo 'unexpected success'; exit 1; }
+(! systemctl reload "$SERVICE_NAME")
 systemctl status "$SERVICE_NAME"
 systemctl stop "$SERVICE_NAME"

--- a/test/units/testsuite-41.sh
+++ b/test/units/testsuite-41.sh
@ -9,15 +9,14 @@ MAX_SECS=60
 systemd-analyze log-level debug

 # test one: Restart=on-failure should restart the service
-systemd-run --unit=one -p Type=oneshot -p Restart=on-failure /bin/bash -c "exit 1" \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-run --unit=one -p Type=oneshot -p Restart=on-failure /bin/bash -c "exit 1")

 for ((secs = 0; secs < MAX_SECS; secs++)); do
-  [[ "$(systemctl show one.service -P NRestarts)" -le 0 ]] || break
-  sleep 1
+    [[ "$(systemctl show one.service -P NRestarts)" -le 0 ]] || break
+    sleep 1
 done
 if [[ "$(systemctl show one.service -P NRestarts)" -le 0 ]]; then
-  exit 1
+    exit 1
 fi

 TMP_FILE="/tmp/test-41-oneshot-restart-test"
@ -26,27 +25,26 @@ TMP_FILE="/tmp/test-41-oneshot-restart-test"

 # test two: make sure StartLimitBurst correctly limits the number of restarts
 # and restarts execution of the unit from the first ExecStart=
-systemd-run --unit=two \
-            -p StartLimitIntervalSec=120 \
-            -p StartLimitBurst=3 \
-            -p Type=oneshot \
-            -p Restart=on-failure \
-            -p ExecStart="/bin/bash -c \"printf a >>$TMP_FILE\"" /bin/bash -c "exit 1" \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-run --unit=two \
+        -p StartLimitIntervalSec=120 \
+        -p StartLimitBurst=3 \
+        -p Type=oneshot \
+        -p Restart=on-failure \
+        -p ExecStart="/bin/bash -c \"printf a >>$TMP_FILE\"" /bin/bash -c "exit 1")

 # wait for at least 3 restarts
 for ((secs = 0; secs < MAX_SECS; secs++)); do
-  [[ $(cat $TMP_FILE) != "aaa" ]] || break
-  sleep 1
+    [[ $(cat $TMP_FILE) != "aaa" ]] || break
+    sleep 1
 done
 if [[ $(cat $TMP_FILE) != "aaa" ]]; then
-  exit 1
+    exit 1
 fi

 # wait for 5 more seconds to make sure there aren't excess restarts
 sleep 5
 if [[ $(cat $TMP_FILE) != "aaa" ]]; then
-  exit 1
+    exit 1
 fi

 systemd-analyze log-level info
--- a/test/units/testsuite-42.sh
+++ b/test/units/testsuite-42.sh
@ -4,18 +4,20 @@ set -eux

 systemd-analyze log-level debug

-systemd-run --unit=simple1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=simple -p ExecStopPost='/bin/touch /run/simple1' true
+systemd-run --unit=simple1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=simple \
+    -p ExecStopPost='/bin/touch /run/simple1' true
 test -f /run/simple1

-systemd-run --unit=simple2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=simple -p ExecStopPost='/bin/touch /run/simple2' false \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-run --unit=simple2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=simple \
+    -p ExecStopPost='/bin/touch /run/simple2' false)
 test -f /run/simple2

-systemd-run --unit=exec1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec -p ExecStopPost='/bin/touch /run/exec1' sleep 1
+systemd-run --unit=exec1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec \
+    -p ExecStopPost='/bin/touch /run/exec1' sleep 1
 test -f /run/exec1

-systemd-run --unit=exec2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec -p ExecStopPost='/bin/touch /run/exec2' sh -c 'sleep 1; false' \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-run --unit=exec2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=exec \
+   -p ExecStopPost='/bin/touch /run/exec2' sh -c 'sleep 1; false')
 test -f /run/exec2

 cat >/tmp/forking1.sh <<EOF
@ -31,7 +33,8 @@ systemd-notify MAINPID=\$MAINPID
 EOF
 chmod +x /tmp/forking1.sh

-systemd-run --unit=forking1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=forking -p NotifyAccess=exec -p ExecStopPost='/bin/touch /run/forking1' /tmp/forking1.sh
+systemd-run --unit=forking1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=forking -p NotifyAccess=exec \
+        -p ExecStopPost='/bin/touch /run/forking1' /tmp/forking1.sh
 test -f /run/forking1

 cat >/tmp/forking2.sh <<EOF
@ -39,7 +42,7 @@ cat >/tmp/forking2.sh <<EOF

 set -eux

-( sleep 4; exit 1 ) &
+(sleep 4; exit 1) &
 MAINPID=\$!
 disown

@ -47,28 +50,30 @@ systemd-notify MAINPID=\$MAINPID
 EOF
 chmod +x /tmp/forking2.sh

-systemd-run --unit=forking2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=forking -p NotifyAccess=exec -p ExecStopPost='/bin/touch /run/forking2' /tmp/forking2.sh \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-run --unit=forking2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=forking -p NotifyAccess=exec \
+    -p ExecStopPost='/bin/touch /run/forking2' /tmp/forking2.sh)
 test -f /run/forking2

-systemd-run --unit=oneshot1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=oneshot -p ExecStopPost='/bin/touch /run/oneshot1' true
+systemd-run --unit=oneshot1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=oneshot \
+    -p ExecStopPost='/bin/touch /run/oneshot1' true
 test -f /run/oneshot1

-systemd-run --unit=oneshot2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=oneshot -p ExecStopPost='/bin/touch /run/oneshot2' false \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-run --unit=oneshot2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=oneshot \
+    -p ExecStopPost='/bin/touch /run/oneshot2' false)
 test -f /run/oneshot2

-systemd-run --unit=dbus1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=dbus -p BusName=systemd.test.ExecStopPost -p ExecStopPost='/bin/touch /run/dbus1' \
-    busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus RequestName su systemd.test.ExecStopPost 4 \
-    || :
+systemd-run --unit=dbus1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=dbus -p BusName=systemd.test.ExecStopPost \
+    -p ExecStopPost='/bin/touch /run/dbus1' \
+    busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus RequestName su systemd.test.ExecStopPost 4 || :
 test -f /run/dbus1

-systemd-run --unit=dbus2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=dbus -p BusName=systemd.test.ExecStopPost -p ExecStopPost='/bin/touch /run/dbus2' true
+systemd-run --unit=dbus2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=dbus -p BusName=systemd.test.ExecStopPost \
+     -p ExecStopPost='/bin/touch /run/dbus2' true
 test -f /run/dbus2

 # https://github.com/systemd/systemd/issues/19920
-systemd-run --unit=dbus3.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=dbus -p ExecStopPost='/bin/touch /run/dbus3' true \
-     && { echo 'unexpected success'; exit 1; }
+(! systemd-run --unit=dbus3.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=dbus \
+    -p ExecStopPost='/bin/touch /run/dbus3' true)

 cat >/tmp/notify1.sh <<EOF
 #!/usr/bin/env bash
@ -79,18 +84,19 @@ systemd-notify --ready
 EOF
 chmod +x /tmp/notify1.sh

-systemd-run --unit=notify1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=notify -p ExecStopPost='/bin/touch /run/notify1' /tmp/notify1.sh
+systemd-run --unit=notify1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=notify \
+    -p ExecStopPost='/bin/touch /run/notify1' /tmp/notify1.sh
 test -f /run/notify1

-systemd-run --unit=notify2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=notify -p ExecStopPost='/bin/touch /run/notify2' true \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-run --unit=notify2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=notify \
+    -p ExecStopPost='/bin/touch /run/notify2' true)
 test -f /run/notify2

 systemd-run --unit=idle1.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=idle -p ExecStopPost='/bin/touch /run/idle1' true
 test -f /run/idle1

-systemd-run --unit=idle2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=idle -p ExecStopPost='/bin/touch /run/idle2' false \
-     && { echo 'unexpected success'; exit 1; }
+(! systemd-run --unit=idle2.service --wait -p StandardOutput=tty -p StandardError=tty -p Type=idle \
+     -p ExecStopPost='/bin/touch /run/idle2' false)
 test -f /run/idle2

 systemd-analyze log-level info
--- a/test/units/testsuite-43.sh
+++ b/test/units/testsuite-43.sh
@ -34,13 +34,12 @@ runas testuser systemd-run --wait --user --unit=test-unprotected-home \
 test -e /home/testuser/works.txt

 # Confirm that creating a file in home is blocked under read-only
-runas testuser systemd-run --wait --user --unit=test-protect-home-read-only \
+(! runas testuser systemd-run --wait --user --unit=test-protect-home-read-only \
    -p ProtectHome=read-only \
    -P bash -c '
        test -e /home/testuser/works.txt || exit 10
        touch /home/testuser/blocked.txt && exit 11
-    ' \
-        && { echo 'unexpected success'; exit 1; }
+    ')
 test ! -e /home/testuser/blocked.txt

 # Check that tmpfs hides the whole directory
@ -62,10 +61,9 @@ runas testuser systemd-run --wait --user --unit=test-protect-home-yes \
 # namespace (no CAP_SETGID in the parent namespace to write the additional
 # mapping of the user supplied group and thus cannot change groups to an
 # unmapped group ID)
-runas testuser systemd-run --wait --user --unit=test-group-fail \
+(! runas testuser systemd-run --wait --user --unit=test-group-fail \
    -p PrivateUsers=yes -p Group=daemon \
-    -P true \
-    && { echo 'unexpected success'; exit 1; }
+    -P true)

 # Check that with a new user namespace we can bind mount
 # files and use a different root directory
@ -93,31 +91,26 @@ runas testuser systemd-run --wait --user --unit=test-network \
    -p PrivateNetwork=yes \
    /bin/sh -x -c '! ip link | grep -E "^[0-9]+: " | grep -Ev ": (lo|(erspan|gre|gretap|ip_vti|ip6_vti|ip6gre|ip6tnl|sit|tunl)0@.*):"'

-runas testuser systemd-run --wait --user --unit=test-hostname \
+(! runas testuser systemd-run --wait --user --unit=test-hostname \
    -p ProtectHostname=yes \
-    hostnamectl hostname foo \
-    && { echo 'unexpected success'; exit 1; }
+    hostnamectl hostname foo)

-runas testuser systemd-run --wait --user --unit=test-clock \
+(! runas testuser systemd-run --wait --user --unit=test-clock \
    -p ProtectClock=yes \
-    timedatectl set-time "2012-10-30 18:17:16" \
-    && { echo 'unexpected success'; exit 1; }
+    timedatectl set-time "2012-10-30 18:17:16")

-runas testuser systemd-run --wait --user --unit=test-kernel-tunable \
+(! runas testuser systemd-run --wait --user --unit=test-kernel-tunable \
    -p ProtectKernelTunables=yes \
-    sh -c "echo 0 >/proc/sys/user/max_user_namespaces" \
-    && { echo 'unexpected success'; exit 1; }
+    sh -c "echo 0 >/proc/sys/user/max_user_namespaces")

-runas testuser systemd-run --wait --user --unit=test-kernel-mod \
+(! runas testuser systemd-run --wait --user --unit=test-kernel-mod \
    -p ProtectKernelModules=yes \
-    sh -c "modprobe -r overlay && modprobe overlay" \
-    && { echo 'unexpected success'; exit 1; }
+    sh -c "modprobe -r overlay && modprobe overlay")

 if sysctl kernel.dmesg_restrict=0; then
-    runas testuser systemd-run --wait --user --unit=test-kernel-log \
+    (! runas testuser systemd-run --wait --user --unit=test-kernel-log \
        -p ProtectKernelLogs=yes -p LogNamespace=yes \
-        dmesg \
-        && { echo 'unexpected success'; exit 1; }
+        dmesg)
 fi

 unsquashfs -no-xattrs -d /tmp/img /usr/share/minimal_0.raw
--- a/test/units/testsuite-44.sh
+++ b/test/units/testsuite-44.sh
@ -11,7 +11,7 @@ journalctl -o cat --namespace=foobar >/tmp/hello-world
 journalctl -o cat >/tmp/no-hello-world

 grep "^hello world$" /tmp/hello-world
-grep "^hello world$" /tmp/no-hello-world && { echo 'unexpected success'; exit 1; }
+(! grep "^hello world$" /tmp/no-hello-world)

 systemd-analyze log-level info

--- a/test/units/testsuite-45.sh
+++ b/test/units/testsuite-45.sh
@ -212,8 +212,8 @@ start_mon() {
 }

 wait_mon() {
-    for ((i = 0; i < 10; i++)); do
-        if (( i != 0 )); then sleep 1; fi
+    for i in {1..10}; do
+        (( i > 1 )) && sleep 1
        if grep -q "$1" "$mon"; then break; fi
    done
    assert_in "$2" "$(cat "$mon")"
@ -243,8 +243,8 @@ EOF

    echo 'disable NTP'
    timedatectl set-ntp false
-    for ((i = 0; i < 10; i++)); do
-        if (( i != 0 )); then sleep 1; fi
+    for i in {1..10}; do
+        (( i > 1 )) && sleep 1
        if [[ "$(systemctl show systemd-timesyncd --property ActiveState)" == "ActiveState=inactive" ]]; then
            break;
        fi
@ -258,8 +258,8 @@ EOF
    timedatectl set-ntp true
    wait_mon "NTP" "BOOLEAN true"
    assert_ntp "true"
-    for ((i = 0; i < 10; i++)); do
-        if (( i != 0 )); then sleep 1; fi
+    for i in {1..10}; do
+        (( i > 1 )) && sleep 1
        if [[ "$(systemctl show systemd-timesyncd --property ActiveState)" == "ActiveState=active" ]]; then
            break;
        fi
--- a/test/units/testsuite-46.sh
+++ b/test/units/testsuite-46.sh
@ -27,9 +27,9 @@ inspect() {
 }

 wait_for_state() {
-    for ((i = 0; i < 10; i++)) ; do
+    for i in {1..10}; do
+        (( i > 1 )) && sleep 0.5
        homectl inspect "$1" | grep -qF "State: $2" && break
-        sleep .5
    done
 }

@ -153,14 +153,12 @@ if ! systemd-detect-virt -cq ; then
 fi

 PASSWORD=xEhErW0ndafV4s homectl with test-user -- test ! -f /home/test-user/xyz
-PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz \
-    && { echo 'unexpected success'; exit 1; }
+(! PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz)
 PASSWORD=xEhErW0ndafV4s homectl with test-user -- touch /home/test-user/xyz
 PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz
 PASSWORD=xEhErW0ndafV4s homectl with test-user -- rm /home/test-user/xyz
 PASSWORD=xEhErW0ndafV4s homectl with test-user -- test ! -f /home/test-user/xyz
-PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz \
-    && { echo 'unexpected success'; exit 1; }
+(! PASSWORD=xEhErW0ndafV4s homectl with test-user -- test -f /home/test-user/xyz)

 wait_for_state test-user inactive
 homectl remove test-user
--- a/test/units/testsuite-50.sh
+++ b/test/units/testsuite-50.sh
@ -398,8 +398,8 @@ systemctl is-active testservice-50e.service

 # ExtensionDirectories will set up an overlay
 mkdir -p "${image_dir}/app0" "${image_dir}/app1" "${image_dir}/app-nodistro"
-systemd-run -P --property ExtensionDirectories="${image_dir}/nonexistent" --property RootImage="${image}.raw" cat /opt/script0.sh && { echo 'unexpected success'; exit 1; }
-systemd-run -P --property ExtensionDirectories="${image_dir}/app0" --property RootImage="${image}.raw" cat /opt/script0.sh && { echo 'unexpected success'; exit 1; }
+(! systemd-run -P --property ExtensionDirectories="${image_dir}/nonexistent" --property RootImage="${image}.raw" cat /opt/script0.sh)
+(! systemd-run -P --property ExtensionDirectories="${image_dir}/app0" --property RootImage="${image}.raw" cat /opt/script0.sh)
 systemd-dissect --mount /usr/share/app0.raw "${image_dir}/app0"
 systemd-dissect --mount /usr/share/app1.raw "${image_dir}/app1"
 systemd-dissect --mount /usr/share/app-nodistro.raw "${image_dir}/app-nodistro"
@ -446,7 +446,7 @@ mkdir -p /run/extensions/app-reject/usr/lib/{extension-release.d/,systemd/system
 echo "ID=_any" >/run/extensions/app-reject/usr/lib/extension-release.d/extension-release.app-reject
 echo "ID=_any" >/run/extensions/app-reject/usr/lib/os-release
 touch /run/extensions/app-reject/usr/lib/systemd/system/other_file
-systemd-sysext merge && { echo 'unexpected success'; exit 1; }
+(! systemd-sysext merge)
 test ! -e /usr/lib/systemd/system/some_file
 test ! -e /usr/lib/systemd/system/other_file
 systemd-sysext unmerge
@ -489,7 +489,7 @@ systemd-dissect --detach "$LOOP"
 # Note, sizeof_field(struct loop_info64, lo_file_name) == 64,
 # and --loop-ref accepts upto 63 characters, and udev creates symlink
 # based on the name when it has upto _62_ characters.
-name="$(for (( i = 0; i < 62; i++ )); do echo -n 'x'; done)"
+name="$(for _ in {1..62}; do echo -n 'x'; done)"
 LOOP="$(systemd-dissect --attach --loop-ref="$name" "${image}.raw")"
 udevadm trigger -w "$LOOP"

@ -499,7 +499,7 @@ test "/dev/loop/by-ref/$name" -ef "$LOOP"
 # Detach by the /dev/loop/by-ref symlink
 systemd-dissect --detach "/dev/loop/by-ref/$name"

-name="$(for (( i = 0; i < 63; i++ )); do echo -n 'x'; done)"
+name="$(for _ in {1..63}; do echo -n 'x'; done)"
 LOOP="$(systemd-dissect --attach --loop-ref="$name" "${image}.raw")"
 udevadm trigger -w "$LOOP"

@ -515,14 +515,14 @@ mkdir -p /run/confexts/test/etc/extension-release.d
 echo "ID=_any" >/run/confexts/test/etc/extension-release.d/extension-release.test
 echo "ARCHITECTURE=_any" >>/run/confexts/test/etc/extension-release.d/extension-release.test
 echo "MARKER_CONFEXT_123" >/run/confexts/test/etc/testfile
-cat <<EOF>/run/confexts/test/etc/testscript
+cat <<EOF >/run/confexts/test/etc/testscript
 #!/bin/bash
 echo "This should not happen"
 EOF
 chmod +x /run/confexts/test/etc/testscript
 systemd-confext merge
 grep -q -F "MARKER_CONFEXT_123" /etc/testfile
-/etc/testscript && { echo 'unexpected success'; exit 1; }
+(! /etc/testscript)
 systemd-confext status
 systemd-confext unmerge
 rm -rf /run/confexts/
--- a/test/units/testsuite-54.sh
+++ b/test/units/testsuite-54.sh
@ -7,14 +7,15 @@ systemd-analyze log-level debug

 # Verify that the creds are properly loaded and we can read them from the service's unpriv user
 systemd-run -p LoadCredential=passwd:/etc/passwd \
-            -p LoadCredential=shadow:/etc/shadow \
-            -p SetCredential=dog:wuff \
-            -p DynamicUser=1 \
-            --unit=test-54-unpriv.service \
-            --wait \
-            --pipe \
-            cat '${CREDENTIALS_DIRECTORY}/passwd' '${CREDENTIALS_DIRECTORY}/shadow' '${CREDENTIALS_DIRECTORY}/dog' >/tmp/ts54-concat
-( cat /etc/passwd /etc/shadow && echo -n wuff ) | cmp /tmp/ts54-concat
+    -p LoadCredential=shadow:/etc/shadow \
+    -p SetCredential=dog:wuff \
+    -p DynamicUser=1 \
+    --unit=test-54-unpriv.service \
+    --wait \
+    --pipe \
+    cat '${CREDENTIALS_DIRECTORY}/passwd' '${CREDENTIALS_DIRECTORY}/shadow' '${CREDENTIALS_DIRECTORY}/dog' \
+    >/tmp/ts54-concat
+(cat /etc/passwd /etc/shadow && echo -n wuff) | cmp /tmp/ts54-concat
 rm /tmp/ts54-concat

 # Test that SetCredential= acts as fallback for LoadCredential=
@ -72,22 +73,20 @@ if [ "$expected_credential" != "" ] ; then
    systemd-run -p AssertCredential="$expected_credential" -p Type=oneshot true

    # And this should fail
-    systemd-run -p AssertCredential="undefinedcredential" -p Type=oneshot true && { echo 'unexpected success'; exit 1; }
+    (! systemd-run -p AssertCredential="undefinedcredential" -p Type=oneshot true)
 fi

 # Verify that the creds are immutable
-systemd-run -p LoadCredential=passwd:/etc/passwd \
-            -p DynamicUser=1 \
-            --unit=test-54-immutable-touch.service \
-            --wait \
-            touch '${CREDENTIALS_DIRECTORY}/passwd' \
-    && { echo 'unexpected success'; exit 1; }
-systemd-run -p LoadCredential=passwd:/etc/passwd \
-            -p DynamicUser=1 \
-            --unit=test-54-immutable-rm.service \
-            --wait \
-            rm '${CREDENTIALS_DIRECTORY}/passwd' \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-run -p LoadCredential=passwd:/etc/passwd \
+    -p DynamicUser=1 \
+    --unit=test-54-immutable-touch.service \
+    --wait \
+    touch '${CREDENTIALS_DIRECTORY}/passwd')
+(! systemd-run -p LoadCredential=passwd:/etc/passwd \
+    -p DynamicUser=1 \
+    --unit=test-54-immutable-rm.service \
+    --wait \
+    rm '${CREDENTIALS_DIRECTORY}/passwd')

 # Check directory-based loading
 mkdir -p /tmp/ts54-creds/sub
@ -96,15 +95,15 @@ echo -n b >/tmp/ts54-creds/bar
 echo -n c >/tmp/ts54-creds/baz
 echo -n d >/tmp/ts54-creds/sub/qux
 systemd-run -p LoadCredential=cred:/tmp/ts54-creds \
-            -p DynamicUser=1 \
-            --unit=test-54-dir.service \
-            --wait \
-            --pipe \
-            cat '${CREDENTIALS_DIRECTORY}/cred_foo' \
-                '${CREDENTIALS_DIRECTORY}/cred_bar' \
-                '${CREDENTIALS_DIRECTORY}/cred_baz' \
-                '${CREDENTIALS_DIRECTORY}/cred_sub_qux' >/tmp/ts54-concat
-( echo -n abcd ) | cmp /tmp/ts54-concat
+    -p DynamicUser=1 \
+    --unit=test-54-dir.service \
+    --wait \
+    --pipe \
+    cat '${CREDENTIALS_DIRECTORY}/cred_foo' \
+        '${CREDENTIALS_DIRECTORY}/cred_bar' \
+        '${CREDENTIALS_DIRECTORY}/cred_baz' \
+        '${CREDENTIALS_DIRECTORY}/cred_sub_qux' >/tmp/ts54-concat
+cmp /tmp/ts54-concat <(echo -n abcd)
 rm /tmp/ts54-concat
 rm -rf /tmp/ts54-creds

@ -115,18 +114,18 @@ if systemctl --version | grep -q -- +OPENSSL ; then
    systemd-creds decrypt --name=test-54 /tmp/test-54-ciphertext | cmp /tmp/test-54-plaintext

    systemd-run -p LoadCredentialEncrypted=test-54:/tmp/test-54-ciphertext \
-                --wait \
-                --pipe \
-                cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext
+        --wait \
+        --pipe \
+        cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext

    echo -n $RANDOM >/tmp/test-54-plaintext
    systemd-creds encrypt --name=test-54 /tmp/test-54-plaintext /tmp/test-54-ciphertext
    systemd-creds decrypt --name=test-54 /tmp/test-54-ciphertext | cmp /tmp/test-54-plaintext

    systemd-run -p SetCredentialEncrypted=test-54:"$(cat /tmp/test-54-ciphertext)" \
-                --wait \
-                --pipe \
-                cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext
+        --wait \
+        --pipe \
+        cat '${CREDENTIALS_DIRECTORY}/test-54' | cmp /tmp/test-54-plaintext

    rm /tmp/test-54-plaintext /tmp/test-54-ciphertext
 fi
--- a/test/units/testsuite-56.sh
+++ b/test/units/testsuite-56.sh
@ -35,15 +35,13 @@ systemd-run --wait --unit=two -p Type=notify -p ExitType=cgroup \
    /tmp/test56-exit-cgroup.sh 'systemctl stop two'

 # false exec condition: systemd-run should exit immediately with status code: 1
-systemd-run --wait --unit=three -p Type=notify -p ExitType=cgroup \
+(! systemd-run --wait --unit=three -p Type=notify -p ExitType=cgroup \
    -p ExecCondition=false \
-    /tmp/test56-exit-cgroup.sh \
-    && { echo 'unexpected success'; exit 1; }
+    /tmp/test56-exit-cgroup.sh)

 # service should exit uncleanly (main process exits with SIGKILL)
-systemd-run --wait --unit=four -p Type=notify -p ExitType=cgroup \
-    /tmp/test56-exit-cgroup.sh 'systemctl kill --signal 9 four' \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-run --wait --unit=four -p Type=notify -p ExitType=cgroup \
+    /tmp/test56-exit-cgroup.sh 'systemctl kill --signal 9 four')


 # Multiple level process tree, parent process exits quickly
--- a/test/units/testsuite-60.sh
+++ b/test/units/testsuite-60.sh
@ -181,7 +181,7 @@ EOF
    # Trigger the mount ratelimiting
    cd "$(mktemp -d)"
    mkdir foo
-    for ((i = 0; i < 50; i++)); do
+    for _ in {1..50}; do
        mount --bind foo foo
        umount foo
    done
@ -225,7 +225,7 @@ EOF
    # shellcheck disable=SC2064
    trap "rm -f /run/systemd/system/tmp-hoge.mount '$mount_mytmpfs'" RETURN

-    for ((i = 0; i < 10; i++)); do
+    for _ in {1..10}; do
        systemctl --no-block start tmp-hoge.mount
        sleep ".$RANDOM"
        systemctl daemon-reexec
--- a/test/units/testsuite-64.sh
+++ b/test/units/testsuite-64.sh
@ -158,11 +158,11 @@ helper_check_device_units() {(

    local i

-    for (( i = 0; i < 20; i++ )); do
+    for i in {1..20}; do
+        (( i > 1 )) && sleep 0.5
        if check_device_units 0 "$@"; then
            return 0
        fi
-        sleep .5
    done

    check_device_units 1 "$@"
--- a/test/units/testsuite-65.sh
+++ b/test/units/testsuite-65.sh
@ -179,16 +179,13 @@ EOF

 set +e
 # Default behaviour is to recurse through all dependencies when unit is loaded
-systemd-analyze verify --root=/tmp/img/ testfile.service \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-analyze verify --root=/tmp/img/ testfile.service)

 # As above, recurses through all dependencies when unit is loaded
-systemd-analyze verify --recursive-errors=yes --root=/tmp/img/ testfile.service \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-analyze verify --recursive-errors=yes --root=/tmp/img/ testfile.service)

 # Recurses through unit file and its direct dependencies when unit is loaded
-systemd-analyze verify --recursive-errors=one --root=/tmp/img/ testfile.service \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-analyze verify --recursive-errors=one --root=/tmp/img/ testfile.service)

 set -e

@ -218,8 +215,7 @@ systemd-analyze verify --recursive-errors=no /tmp/testfile2.service

 set +e
 # Non-zero exit status since all associated dependencies are recursively loaded when the unit file is loaded
-systemd-analyze verify --recursive-errors=yes /tmp/testfile2.service \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-analyze verify --recursive-errors=yes /tmp/testfile2.service)
 set -e

 rm /tmp/testfile.service
@ -241,19 +237,15 @@ rm /tmp/.testfile.service
 # Alias a unit file's name on disk (see #20061)
 cp /tmp/testfile.service /tmp/testsrvc

-systemd-analyze verify /tmp/testsrvc \
-    && { echo 'unexpected success'; exit 1; }
+(! systemd-analyze verify /tmp/testsrvc)

 systemd-analyze verify /tmp/testsrvc:alias.service

 # Zero exit status since the value used for comparison determine exposure to security threats is by default 100
 systemd-analyze security --offline=true /tmp/testfile.service

-set +e
 #The overall exposure level assigned to the unit is greater than the set threshold
-systemd-analyze security --threshold=90 --offline=true /tmp/testfile.service \
-    && { echo 'unexpected success'; exit 1; }
-set -e
+(! systemd-analyze security --threshold=90 --offline=true /tmp/testfile.service)

 # Ensure we print the list of ACLs, see https://github.com/systemd/systemd/issues/23185
 systemd-analyze security --offline=true /tmp/testfile.service | grep -q -F "/dev/sda"
@ -744,19 +736,15 @@ systemd-analyze security --threshold=25 --offline=true \
                           --profile=strict \
                           --root=/tmp/img/ testfile.service

-set +e
 # The trusted profile doesn't add any sanboxing options
-systemd-analyze security --threshold=25 --offline=true \
+(! systemd-analyze security --threshold=25 --offline=true \
                           --security-policy=/tmp/testfile.json \
                           --profile=/usr/lib/systemd/portable/profile/trusted/service.conf \
-                           --root=/tmp/img/ testfile.service \
-    && { echo 'unexpected success'; exit 1; }
+                           --root=/tmp/img/ testfile.service)

-systemd-analyze security --threshold=50 --offline=true \
+(! systemd-analyze security --threshold=50 --offline=true \
                           --security-policy=/tmp/testfile.json \
-                           --root=/tmp/img/ testfile.service \
-    && { echo 'unexpected success'; exit 1; }
-set -e
+                           --root=/tmp/img/ testfile.service)

 rm /tmp/img/usr/lib/systemd/system/testfile.service

@ -833,7 +821,7 @@ systemd-analyze image-policy 'home=encrypted:usr=verity' 2>&1 | grep -q -e '^usr
 systemd-analyze image-policy 'home=encrypted:usr=verity' 2>&1 | grep -q -e '^root \+ignore \+'
 systemd-analyze image-policy 'home=encrypted:usr=verity' 2>&1 | grep -q -e '^usr-verity \+unprotected \+'

-(! systemd-analyze image-policy 'doedel' )
+(! systemd-analyze image-policy 'doedel')

 systemd-analyze log-level info

--- a/test/units/testsuite-70.sh
+++ b/test/units/testsuite-70.sh
@ -15,42 +15,42 @@ cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-uran
 systemd-cryptenroll --unlock-key-file=/tmp/passphrase --tpm2-device=auto $img

 # Enroll unlock with default PCR policy
-env PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto $img
+PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto $img
 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1
 /usr/lib/systemd/systemd-cryptsetup detach test-volume

 # Check with wrong PCR
 tpm2_pcrextend 7:sha256=0000000000000000000000000000000000000000000000000000000000000000
-/usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 && { echo 'unexpected success'; exit 1; }
+(! /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1)

 # Enroll unlock with PCR+PIN policy
 systemd-cryptenroll --wipe-slot=tpm2 $img
-env PASSWORD=passphrase NEWPIN=123456 systemd-cryptenroll --tpm2-device=auto --tpm2-with-pin=true $img
-env PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1
+PASSWORD=passphrase NEWPIN=123456 systemd-cryptenroll --tpm2-device=auto --tpm2-with-pin=true $img
+PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1
 /usr/lib/systemd/systemd-cryptsetup detach test-volume

 # Check failure with wrong PIN
-env PIN=123457 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 && { echo 'unexpected success'; exit 1; }
+(! PIN=123457 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1)

 # Check LUKS2 token plugin unlock (i.e. without specifying tpm2-device=auto)
 if cryptsetup --help | grep -q 'LUKS2 external token plugin support is compiled-in' && \
         [ -f "$(cryptsetup --help | sed -n -r 's/.*LUKS2 external token plugin path: (.*)\./\1/p')/libcryptsetup-token-systemd-tpm2.so" ]; then
-    env PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - headless=1
+    PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - headless=1
    /usr/lib/systemd/systemd-cryptsetup detach test-volume

    # Check failure with wrong PIN
-    env PIN=123457 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - headless=1 && { echo 'unexpected success'; exit 1; }
+    (! PIN=123457 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - headless=1)
 else
    echo 'cryptsetup has no LUKS2 token plugin support, skipping'
 fi

 # Check failure with wrong PCR (and correct PIN)
 tpm2_pcrextend 7:sha256=0000000000000000000000000000000000000000000000000000000000000000
-env PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1 && { echo 'unexpected success'; exit 1; }
+(! PIN=123456 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1)

 # Enroll unlock with PCR 0+7
 systemd-cryptenroll --wipe-slot=tpm2 $img
-env PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 $img
+PASSWORD=passphrase systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 $img
 /usr/lib/systemd/systemd-cryptsetup attach test-volume $img - tpm2-device=auto,headless=1
 /usr/lib/systemd/systemd-cryptsetup detach test-volume

@ -119,7 +119,7 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \

    # Invalidate PCR, decrypting should fail now
    tpm2_pcrextend 11:sha256=0000000000000000000000000000000000000000000000000000000000000000
-    systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" >/dev/null && { echo 'unexpected success'; exit 1; }
+    (! systemd-creds decrypt /tmp/pcrtestdata.encrypted - --tpm2-signature="/tmp/pcrsign.sig" >/dev/null)

    # Sign new PCR state, decrypting should work now.
    /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: >"/tmp/pcrsign.sig2"
@ -146,8 +146,8 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \

    # After extending the PCR things should fail
    tpm2_pcrextend 11:sha256=0000000000000000000000000000000000000000000000000000000000000000
-    SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1 && { echo 'unexpected success'; exit 1; }
-    SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1 && { echo 'unexpected success'; exit 1; }
+    (! SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1)
+    (! SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=1 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig2",headless=1)

    # But once we sign the current PCRs, we should be able to unlock again
    /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=: >"/tmp/pcrsign.sig3"
@ -162,7 +162,7 @@ if [ -e /usr/lib/systemd/systemd-measure ] && \

    # Sign one more phase, this should
    /usr/lib/systemd/systemd-measure sign --current "${MEASURE_BANKS[@]}" --private-key="/tmp/pcrsign-private.pem" --public-key="/tmp/pcrsign-public.pem" --phase=quux:waldo --append="/tmp/pcrsign.sig4" >"/tmp/pcrsign.sig5"
-    ( ! cmp "/tmp/pcrsign.sig4" "/tmp/pcrsign.sig5" )
+    (! cmp "/tmp/pcrsign.sig4" "/tmp/pcrsign.sig5")

    # Should still be good to unlock, given the old entry still exists
    SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE=0 /usr/lib/systemd/systemd-cryptsetup attach test-volume2 $img - tpm2-device=auto,tpm2-signature="/tmp/pcrsign.sig5",headless=1
@ -226,63 +226,63 @@ echo -n password >/tmp/password
 cryptsetup luksFormat -q --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --use-urandom $img_2 /tmp/password

 #boolean_arguments
-systemd-cryptenroll --fido2-with-client-pin=false && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --fido2-with-client-pin=false)

-systemd-cryptenroll --fido2-with-user-presence=f $img_2 /tmp/foo && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --fido2-with-user-presence=f $img_2 /tmp/foo)

-systemd-cryptenroll --fido2-with-client-pin=1234 $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --fido2-with-client-pin=1234 $img_2)

 systemd-cryptenroll --fido2-with-client-pin=false $img_2

-systemd-cryptenroll --fido2-with-user-presence=1234 $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --fido2-with-user-presence=1234 $img_2)

 systemd-cryptenroll --fido2-with-user-presence=false $img_2

-systemd-cryptenroll --fido2-with-user-verification=1234 $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --fido2-with-user-verification=1234 $img_2)

-systemd-cryptenroll --tpm2-with-pin=1234 $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --tpm2-with-pin=1234 $img_2)

 systemd-cryptenroll --fido2-with-user-verification=false $img_2

 #arg_enroll_type
-systemd-cryptenroll --recovery-key --password $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --recovery-key --password $img_2)

-systemd-cryptenroll --password --recovery-key $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --password --recovery-key $img_2)

-systemd-cryptenroll --password --fido2-device=auto $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --password --fido2-device=auto $img_2)

-systemd-cryptenroll --password --pkcs11-token-uri=auto $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --password --pkcs11-token-uri=auto $img_2)

-systemd-cryptenroll --password --tpm2-device=auto $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --password --tpm2-device=auto $img_2)

 #arg_unlock_type
-systemd-cryptenroll --unlock-fido2-device=auto --unlock-fido2-device=auto $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --unlock-fido2-device=auto --unlock-fido2-device=auto $img_2)

-systemd-cryptenroll --unlock-fido2-device=auto --unlock-key-file=/tmp/unlock $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --unlock-fido2-device=auto --unlock-key-file=/tmp/unlock $img_2)

 #fido2_cred_algorithm
-systemd-cryptenroll --fido2-credential-algorithm=es512 $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --fido2-credential-algorithm=es512 $img_2)

 #tpm2_errors
-systemd-cryptenroll --tpm2-public-key-pcrs=key $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --tpm2-public-key-pcrs=key $img_2)

-systemd-cryptenroll --tpm2-pcrs=key $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --tpm2-pcrs=key $img_2)

-systemd-cryptenroll --tpm2-pcrs=44+8 $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --tpm2-pcrs=44+8 $img_2)

 systemd-cryptenroll --tpm2-pcrs=8 $img_2

-systemd-cryptenroll --tpm2-pcrs=hello $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --tpm2-pcrs=hello $img_2)

 systemd-cryptenroll --tpm2-pcrs=boot-loader-code+boot-loader-config $img_2

 #wipe_slots
-systemd-cryptenroll --wipe-slot $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --wipe-slot $img_2)

-systemd-cryptenroll --wipe-slot=10240000 $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --wipe-slot=10240000 $img_2)

 #fido2_multiple_auto
-systemd-cryptenroll --fido2-device=auto --unlock-fido2-device=auto $img_2 && { echo 'unexpected success'; exit 1; }
+(! systemd-cryptenroll --fido2-device=auto --unlock-fido2-device=auto $img_2)

 echo OK >/testok

--- a/test/units/testsuite-73.sh
+++ b/test/units/testsuite-73.sh
@ -206,8 +206,8 @@ restore_keymap() {

 wait_vconsole_setup() {
    local i ss
-    for ((i = 0; i < 20; i++)); do
-        if (( i != 0 )); then sleep .5; fi
+    for i in {1..20}; do
+        (( i > 1 )) && sleep 0.5
        ss="$(systemctl --property SubState --value show systemd-vconsole-setup.service)"
        if [[ "$ss" == "exited" || "$ss" == "dead" || "$ss" == "condition" ]]; then
            return 0