Skip to content

NetworkManager 1.40 compat & file permission fixes (LP: #1862600, LP: #1997348)#300

Merged
slyon merged 3 commits intomainfrom
slyon/nm140-compat
Nov 29, 2022
Merged

NetworkManager 1.40 compat & file permission fixes (LP: #1862600, LP: #1997348)#300
slyon merged 3 commits intomainfrom
slyon/nm140-compat

Conversation

@slyon
Copy link
Copy Markdown
Contributor

@slyon slyon commented Nov 24, 2022

Description

  • add default "wakeonlan" settings for ethernet devices only (NetworkManager 1.40 compat)
  • Write YAML files using 0o600 permission
  • YAML files written by the user or a (external) tool (e.g. "netplan set", NetworkManager, subiquity, ...) can contain sensitive information (e.g. WiFi passwords), so should stay secret (root/owner read-only).

Checklist

  • Runs make check successfully.
  • Retains 100% code coverage (make check-coverage).
  • New/changed keys in YAML format are documented.
  • (Optional) Adds example YAML for new feature.
  • (Optional) Closes an open bug in Launchpad. LP#1997348, LP#1862600

slyon added 2 commits November 24, 2022 12:28
@slyon
src:parse-nm: add default wakeonlan setting only for ethernet devices
77df784 
Starting with NM 1.40 keyfiles can contain an empty [ethernet] section, even
on non-ethernet devices (e.g. bridges), but Netplan's "wakeonlan" setting is
not supported on those.
@slyon
src:netplan:abi_compat: use owner (root) read-only permissions
de4a2a7 
The YAML files written might contain sensitive information, such as WiFi
passwords. Therefore, they should be root/owner read-only by default.
@slyon slyon requested a review from daniloegea November 24, 2022 13:59
@slyon slyon changed the title NetworkManager 1.40 compat & file permission fixes ((LP: #1862600, LP: #1997348) NetworkManager 1.40 compat & file permission fixes (LP: #1862600, LP: #1997348) Nov 24, 2022
daniloegea
daniloegea reviewed Nov 24, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@daniloegea daniloegea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

It just broke autopkgtest I guess due to the new output.

Comment thread src/parse.c Outdated
@slyon slyon force-pushed the slyon/nm140-compat branch from f0c6ab7 to 0015204 Compare November 29, 2022 13:41
@slyon
src:parse: Log a warning on weak .yaml file permissions (LP: #1862600)
2e09c43 
YAML files written by the user or a (external) tool (e.g. "netplan set",
NetworkManager, subiquity, ...) can contain sensitive information (e.g. WiFi
passwords), so should stay secret (root/owner read-only).
@slyon slyon force-pushed the slyon/nm140-compat branch from 0015204 to 2e09c43 Compare November 29, 2022 14:15
@slyon slyon requested a review from daniloegea November 29, 2022 15:51
@slyon
Copy link
Copy Markdown
Contributor Author

slyon commented Nov 29, 2022

Thanks for your review @daniloegea! I think I addressed all of your comments.
PTAL.

daniloegea
daniloegea approved these changes Nov 29, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@daniloegea daniloegea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. lgtm

@slyon slyon merged commit eda0e9c into main Nov 29, 2022
@slyon slyon deleted the slyon/nm140-compat branch November 29, 2022 16:09
@ubuntu-server-builder ubuntu-server-builder mentioned this pull request May 12, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@daniloegea daniloegea daniloegea approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@slyon @daniloegea