Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NetworkManager 1.40 compat & file permission fixes (LP: #1862600, LP: #1997348) #300

Merged
merged 3 commits into from
Nov 29, 2022
Merged

NetworkManager 1.40 compat & file permission fixes (LP: #1862600, LP: #1997348) #300

merged 3 commits into from
Nov 29, 2022

Conversation

slyon
Copy link
Collaborator

@slyon slyon commented Nov 24, 2022

Description

  • add default "wakeonlan" settings for ethernet devices only (NetworkManager 1.40 compat)
  • Write YAML files using 0o600 permission
  • YAML files written by the user or a (external) tool (e.g. "netplan set", NetworkManager, subiquity, ...) can contain sensitive information (e.g. WiFi passwords), so should stay secret (root/owner read-only).

Checklist

  • Runs make check successfully.
  • Retains 100% code coverage (make check-coverage).
  • New/changed keys in YAML format are documented.
  • (Optional) Adds example YAML for new feature.
  • (Optional) Closes an open bug in Launchpad. LP#1997348, LP#1862600

@slyon
src:parse-nm: add default wakeonlan setting only for ethernet devices
77df784 
Starting with NM 1.40 keyfiles can contain an empty [ethernet] section, even
on non-ethernet devices (e.g. bridges), but Netplan's "wakeonlan" setting is
not supported on those.
@slyon
src:netplan:abi_compat: use owner (root) read-only permissions
de4a2a7 
The YAML files written might contain sensitive information, such as WiFi
passwords. Therefore, they should be root/owner read-only by default.
@slyon slyon changed the title NetworkManager 1.40 compat & file permission fixes ((LP: #1862600, LP: #1997348) NetworkManager 1.40 compat & file permission fixes (LP: #1862600, LP: #1997348) Nov 24, 2022
daniloegea
daniloegea reviewed Nov 24, 2022
View reviewed changes
Copy link
Collaborator

@daniloegea daniloegea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

It just broke autopkgtest I guess due to the new output.

src/parse.c Outdated Show resolved Hide resolved
@slyon
src:parse: Log a warning on weak .yaml file permissions (LP: #1862600)
2e09c43 
YAML files written by the user or a (external) tool (e.g. "netplan set",
NetworkManager, subiquity, ...) can contain sensitive information (e.g. WiFi
passwords), so should stay secret (root/owner read-only).
@slyon
Copy link
Collaborator Author

slyon commented Nov 29, 2022

Thanks for your review @daniloegea! I think I addressed all of your comments.
PTAL.

daniloegea
daniloegea approved these changes Nov 29, 2022
View reviewed changes
Copy link
Collaborator

@daniloegea daniloegea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. lgtm

@slyon slyon merged commit eda0e9c into main Nov 29, 2022
@slyon slyon deleted the slyon/nm140-compat branch November 29, 2022 16:09
@ubuntu-server-builder ubuntu-server-builder mentioned this pull request May 12, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@daniloegea daniloegea daniloegea approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@slyon @daniloegea