Trivia question: what kind of protection should you wear when calling
diff from a Shortcuts.app “Run Shell Script” action?
You should affix the Splashguard of Departure, ideally with some +charisma to offset the posix misalignment. This is because “Run Shell Script” actions are executed with an implicit
set -e. I’ll elaborate.
set -e means the script (and by extension, the whole shortcut) is halted whenever any of the commands executed in the script exit non-zero. It is customary for tools of the posix persuasion to set their exit status to zero upon success and non-zero upon failure. The trick with common but not mandatory behaviors is that the exceptions tend to sting.
diff and a few of its siblings are exceptional in this regard, although you wouldn’t learn about that directly from the
diff man page. Instead, you have to accept the challenge found at the bottom of the
diff man page:
The full documentation for diff is maintained as a Texinfo manual. If the info and diff programs are properly installed at your site, the command info diff should give you access to the complete manual.
Respect to elders notwithstanding, Texinfo is a total train wreck every time I try to use it, so please accept this shortcut:
andre@boom ~ % info diff 2> /dev/null | grep -A 1 'exit status of' An exit status of 0 means no differences were found, 1 means some differences were found, and 2 means trouble. -- An exit status of 0 means no differences were found, 1 means some differences were found, and 2 means trouble. -- An exit status of 0 means `diff3' was successful, 1 means some conflicts were found, and 2 means trouble. -- An exit status of 0 means no differences were found, 1 means some differences were found, and 2 means trouble.
For example, in this shortcut, the first action completes because
diff exits zero, but the second action causes the shortcut to fail with
Exit code: 1. If it’s a big script, it might even take you a while to pinpoint the problem.
Normally I would run
newproc.d to monitor command executions in real time, but that requires disabling SIP, which I usually have enabled these days due to this unfortunate constraint. I don’t know if
newproc.d would have been the last place I had to look, but I suspect it would have.
Instead I turned to
supraudit which does show all the commands executed from the script – EXCEPT the one that fails the whole shortcut, which is probably a clue if you’re looking closely enough. Console logs are mostly useless in this case without ‘private data‘, which is inconvenient to get – for your protection, of course. I eventually found the culprit by testing progressively smaller scripts until
diff alone was causing failures.
Right then, the remedy: Splashguard of Departure is easily crafted from two ingots and one eternal truth. Its magical effects include the formation of a specialized tribunal that serves to contain the representations of
diff’s quality of departure that are not tolerated in this locale. In the following example, eternal truth (i.e.
/bin/true) is replaced with a small placard which works just as well.