core: don't persist secret-key for tests

Tests might access the secret-key.

For CI builds we may very well build NM as root and also run
unit tests. In such a situation it's bad to persist the secret
key. For example, the SELinux label may be wrong, and subsequently
starting NetworkManager may cause errors. Avoid persisting the secret
key for tests.

2 files changed, 8 insertions, 6 deletions

diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c
index fc78a83fdc..436925ee26 100644
--- a/src/nm-core-utils.c
+++ b/src/nm-core-utils.c
@@ -2511,6 +2511,12 @@ _secret_key_read (guint8 **out_secret_key,
 		goto out;
 	}
 
+	if (nm_utils_get_testing ()) {
+		/* for test code, we don't write the generated secret-key to disk. */
+		success = FALSE;
+		goto out;
+	}
+
 	if (!nm_utils_file_set_contents (NMSTATEDIR "/secret_key", (char *) secret_key, key_len, 0077, &error)) {
 		nm_log_warn (LOGD_CORE, "secret-key: failure to persist secret key in \"%s\" (%s) (use non-persistent key)",
 		             NMSTATEDIR "/secret_key", error->message);
diff --git a/src/tests/test-general.c b/src/tests/test-general.c
index 3b2cccd219..51377c530d 100644
--- a/src/tests/test-general.c
+++ b/src/tests/test-general.c
@@ -1922,12 +1922,8 @@ test_machine_id_read (void)
 
 	logstate = nmtst_logging_disable (FALSE);
 	/* If you run this test as root, without a valid /etc/machine-id,
-	 * the code will try to get the secret-key (and possibly attempt
-	 * to write it).
-	 *
-	 * That's especially ugly, if you run the test as root and it writes
-	 * a new "/var/lib/NetworkManager/secret_key" file. Another reason
-	 * not to run tests as root. */
+	 * the code will try to get the secret-key. That is a bit ugly,
+	 * but no real problem. */
 	machine_id = nm_utils_machine_id_bin ();
 	nmtst_logging_reenable (logstate);