From e576ebe8f7f3d88d20a5bc01b68e08fd370455fa Mon Sep 17 00:00:00 2001
From: Mike Owen <mikeowen@amazon.com>
Date: Wed, 25 Mar 2026 15:10:12 +0000
Subject: [PATCH 1/2] fix(lib): return success from maybe_reload_networkd when
 no reload is needed

maybe_reload_networkd runs under an EXIT trap with set -e. The branch that skips networkctl reload used `[ -v EC2_IF_INITIAL_SETUP ] && debug ...`. When EC2_IF_INITIAL_SETUP is unset (typical refresh runs), the test fails with status 1, the trap returns non-zero, and systemd reports failure even though setup-policy-routes completed successfully.
---
 lib/lib.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/lib.sh b/lib/lib.sh
index efc2ef3..5ec33ec 100644
--- a/lib/lib.sh
+++ b/lib/lib.sh
@@ -617,7 +617,9 @@ maybe_reload_networkd() {
             networkctl reload
             debug "Reloaded networkd"
         else
-            [ -v EC2_IF_INITIAL_SETUP ] && debug "No networkd reload needed"
+            if [ -v EC2_IF_INITIAL_SETUP ]; then
+                debug "No networkd reload needed"
+            fi
         fi
     else
         debug "Deferring networkd reload to another process"

From 362191eaa424ad7b6c33eaf1f0372e5705cbb050 Mon Sep 17 00:00:00 2001
From: Mike Owen <mikeowen@amazon.com>
Date: Wed, 25 Mar 2026 16:52:02 +0000
Subject: [PATCH 2/2] Refactor debug logging for EC2_IF_INITIAL_SETUP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Addressed review: applied the same fix as in #144’s intent everywhere [ -v EC2_IF_INITIAL_SETUP ] && debug appears in lib/lib.sh (get_meta, maybe_reload_networkd else branch, and the EXIT trap in register_networkd_reloader) so none of these return non-zero when the variable is unset under set -e.
---
 lib/lib.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/lib.sh b/lib/lib.sh
index 5ec33ec..663eacd 100644
--- a/lib/lib.sh
+++ b/lib/lib.sh
@@ -140,7 +140,9 @@ get_meta() {
     local key=$1
     local max_tries=${2:-10}
     declare -i attempts=0
-    [ -v EC2_IF_INITIAL_SETUP ] && debug "[get_meta] Querying IMDS for ${key}"
+    if [ -v EC2_IF_INITIAL_SETUP ]; then
+        debug "[get_meta] Querying IMDS for ${key}"
+    fi
 
     if [[ -z $imds_endpoint || -z $imds_token || -z $imds_interface ]]; then
         error "[get_meta] Unable to obtain IMDS token, endpoint, or interface"
@@ -640,7 +642,7 @@ register_networkd_reloader() {
     while [ $cnt -lt $max ]; do
         cnt+=1
         mkdir -p "$lockdir"
-        trap '[ -v EC2_IF_INITIAL_SETUP ] && debug "Called trap" ; maybe_reload_networkd' EXIT
+        trap 'if [ -v EC2_IF_INITIAL_SETUP ]; then debug "Called trap"; fi; maybe_reload_networkd' EXIT
         # If the redirect fails, most likely because the target file
         # already exists and -o noclobber is in effect, $? will be set
         # nonzero.  If it succeeds, it is set to 0