In SSL tests, don't scribble on permissions of a repo file.

tglsfdc · tglsfdc · commit 21c2c3d75e88 · 2017-05-15T23:27:51.000-04:00
Modifying the permissions of a persistent file isn't really much nicer than modifying its contents, even if git doesn't currently notice it. Adjust the test script to make a copy and set the permissions of that instead. Michael Paquier, per a gripe from me. Back-patch to 9.5 where these tests were introduced. Discussion: https://postgr.es/m/14836.1494885946@sss.pgh.pa.us
diff --git a/src/test/ssl/ssl/.gitignore b/src/test/ssl/ssl/.gitignore
@@ -1,2 +1,3 @@
-*.old
-new_certs_dir
+/*.old
+/new_certs_dir/
+/client_tmp.key
diff --git a/src/test/ssl/t/001_ssltests.pl b/src/test/ssl/t/001_ssltests.pl
@@ -66,10 +66,10 @@ sub test_connect_fails
 	ok(!$result, "$connstr (should fail)");
 }
 
-# The client's private key must not be world-readable. Git doesn't track
-# permissions (except for the executable bit), so they might be wrong after
-# a checkout.
-chmod 0600, "ssl/client.key";
+# The client's private key must not be world-readable, so take a copy
+# of the key stored in the code tree and update its permissions.
+copy("ssl/client.key", "ssl/client_tmp.key");
+chmod 0600, "ssl/client_tmp.key";
 
 #### Part 0. Set up the server.
 
@@ -229,11 +229,11 @@ sub test_connect_fails
 
 # correct client cert
 test_connect_ok(
-	"user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client.key");
+	"user=ssltestuser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key");
 
 # client cert belonging to another user
 test_connect_fails(
-	"user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client.key");
+	"user=anotheruser sslcert=ssl/client.crt sslkey=ssl/client_tmp.key");
 
 # revoked client cert
 test_connect_fails(
@@ -243,7 +243,10 @@ sub test_connect_fails
 # intermediate client_ca.crt is provided by client, and isn't in server's ssl_ca_file
 switch_server_cert($node, 'server-cn-only', 'root_ca');
 $common_connstr =
-"user=ssltestuser dbname=certdb sslkey=ssl/client.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR";
+"user=ssltestuser dbname=certdb sslkey=ssl/client_tmp.key sslrootcert=ssl/root+server_ca.crt hostaddr=$SERVERHOSTADDR";
 
 test_connect_ok("sslmode=require sslcert=ssl/client+client_ca.crt");
 test_connect_fails("sslmode=require sslcert=ssl/client.crt");
+
+# clean up
+unlink "ssl/client_tmp.key";
