Reduce cardano-node key file permissions for tests

The node is now refusing to start with other-user-readable key files.
cardano-foundation · Nov 27, 2020 · 2937383 · 2937383
1 parent 8a82455
commit 2937383
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/lib/shelley/cardano-wallet.cabal b/lib/shelley/cardano-wallet.cabal
@@ -81,6 +81,7 @@ library
     , text-class
     , time
     , transformers
+    , unix
     , unordered-containers
     , vector
     , warp

diff --git a/lib/shelley/src/Cardano/Wallet/Shelley/Launch.hs b/lib/shelley/src/Cardano/Wallet/Shelley/Launch.hs
@@ -195,6 +195,8 @@ import System.IO.Temp
     ( createTempDirectory, getCanonicalTemporaryDirectory, withTempDirectory )
 import System.IO.Unsafe
     ( unsafePerformIO )
+import System.Posix.Files
+    ( ownerReadMode, setFileMode )
 import System.Process
     ( readProcess, readProcessWithExitCode )
 import Test.Utils.Paths
@@ -663,14 +665,20 @@ withBFTNode tr baseDir params action =
         createDirectoryIfMissing False dir
         source <- getShelleyTestDataPath
 
+        let copyKeyFile f = do
+                let dst = dir </> f
+                copyFile (source </> f) dst
+                setFileMode dst ownerReadMode
+                pure dst
+
         [bftCert, bftPrv, vrfPrv, kesPrv, opCert] <- forM
             [ "bft-leader" <> ".byron.cert"
             , "bft-leader" <> ".byron.skey"
             , "bft-leader" <> ".vrf.skey"
             , "bft-leader" <> ".kes.skey"
             , "bft-leader" <> ".opcert"
             ]
-            (\f -> copyFile (source </> f) (dir </> f) $> (dir </> f))
+            copyKeyFile
 
         let extraLogFile = (fmap (first (</> (name ++ ".log"))) logDir)
         (config, block0, networkParams, versionData)