diff options
author | Thomas Haller <thaller@redhat.com> | 2018-11-13 18:50:01 +0100 |
---|---|---|
committer | Thomas Haller <thaller@redhat.com> | 2018-11-13 19:08:26 +0100 |
commit | 581e1c3269d420f09b9f29d2afb7269642dfb854 (patch) | |
tree | 386f7a41b4d9d164f49883fd085e640789d1eff6 | |
parent | 830831126430fbd24392dd8bebb6e2c2d50b7787 (diff) | |
download | NetworkManager-581e1c3269d420f09b9f29d2afb7269642dfb854.tar.gz |
core: don't persist secret-key for tests
Tests might access the secret-key.
For CI builds we may very well build NM as root and also run
unit tests. In such a situation it's bad to persist the secret
key. For example, the SELinux label may be wrong, and subsequently
starting NetworkManager may cause errors. Avoid persisting the secret
key for tests.
-rw-r--r-- | src/nm-core-utils.c | 6 | ||||
-rw-r--r-- | src/tests/test-general.c | 8 |
2 files changed, 8 insertions, 6 deletions
diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c index fc78a83fdc..436925ee26 100644 --- a/src/nm-core-utils.c +++ b/src/nm-core-utils.c @@ -2511,6 +2511,12 @@ _secret_key_read (guint8 **out_secret_key, goto out; } + if (nm_utils_get_testing ()) { + /* for test code, we don't write the generated secret-key to disk. */ + success = FALSE; + goto out; + } + if (!nm_utils_file_set_contents (NMSTATEDIR "/secret_key", (char *) secret_key, key_len, 0077, &error)) { nm_log_warn (LOGD_CORE, "secret-key: failure to persist secret key in \"%s\" (%s) (use non-persistent key)", NMSTATEDIR "/secret_key", error->message); diff --git a/src/tests/test-general.c b/src/tests/test-general.c index 3b2cccd219..51377c530d 100644 --- a/src/tests/test-general.c +++ b/src/tests/test-general.c @@ -1922,12 +1922,8 @@ test_machine_id_read (void) logstate = nmtst_logging_disable (FALSE); /* If you run this test as root, without a valid /etc/machine-id, - * the code will try to get the secret-key (and possibly attempt - * to write it). - * - * That's especially ugly, if you run the test as root and it writes - * a new "/var/lib/NetworkManager/secret_key" file. Another reason - * not to run tests as root. */ + * the code will try to get the secret-key. That is a bit ugly, + * but no real problem. */ machine_id = nm_utils_machine_id_bin (); nmtst_logging_reenable (logstate); |