From a364c1ee7f2ebfd5d55535d8239fd76aba475a6f Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Sat, 11 Jul 2026 06:01:17 -0500 Subject: test(net): add the doctor control-plane repair scenarios and runner net Phase 1's three privileged fixes (unmask-nm, disable-rival, chmod-keyfile) can't be verified against fakes past the point where real sudo and a running NetworkManager matter, and the broken states they repair are too dangerous to stage on a daily driver. I added the live-verification harness they need. Three scenario files encode the break/fix/assert for each: mask NetworkManager, enable a rival dhcpcd, and chmod a profile keyfile to 0644, then run the real net doctor --fix and assert the repair. Each also names the read-only diagnose verdict it expects, so a run that breaks catches whether the fault is in the diagnosis or the fix. run-net-scenarios.sh rsyncs the net and panelkit trees into a target VM over ssh and drives the scenarios there. The target is a booted VM, not a container: NetworkManager needs a real kernel and network stack to actually run, so an nspawn container can only show the filesystem-level half (the mask symlink, the keyfile mode) and not "NM is active". A disposable VM you revert is the right environment. The scenario break/fix/assert logic is the reviewed part. The ssh transport plumbing hasn't been exercised against a live target yet, so it's marked first-draft and may need a shakeout on the first real run. The by-hand equivalent already lives in the manual-testing checklist. --- scripts/testing/net-scenarios/30-keyfile-perms.sh | 30 +++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 scripts/testing/net-scenarios/30-keyfile-perms.sh (limited to 'scripts/testing/net-scenarios/30-keyfile-perms.sh') diff --git a/scripts/testing/net-scenarios/30-keyfile-perms.sh b/scripts/testing/net-scenarios/30-keyfile-perms.sh new file mode 100644 index 0000000..8149f87 --- /dev/null +++ b/scripts/testing/net-scenarios/30-keyfile-perms.sh @@ -0,0 +1,30 @@ +# shellcheck shell=bash disable=SC2034 # sourced by run-net-scenarios.sh +# Scenario: a profile keyfile with unsafe permissions is set back to 0600 root. +# +# NetworkManager silently ignores a world-readable keyfile, so the profile +# never activates. Break by chmod 0644 on an existing profile's keyfile; the +# fix chmods it back to 0600 root. The doctor must run as root to read the +# keyfile dir, so this scenario runs the doctor with sudo. Requires at least +# one saved profile in the target (NET_SCENARIO_PROFILE names it). +SCENARIO_DESC="an unsafe-perms profile keyfile is restored to 0600 root" +SCENARIO_GROUP="control-plane" + +_keyfile() { + echo "/etc/NetworkManager/system-connections/${NET_SCENARIO_PROFILE:?set NET_SCENARIO_PROFILE to a saved profile name}.nmconnection" +} + +scenario_break() { + nexec "chmod 0644 '$(_keyfile)'" +} + +scenario_diagnose_expect() { + ndoctor_json ".report.control_plane.keyfile.perms_ok" | grep -qx false +} + +scenario_fix() { + nfix +} + +scenario_assert() { + nexec "[ \"\$(stat -c '%a %U' '$(_keyfile)')\" = '600 root' ]" +} -- cgit v1.2.3