core: don't persist secret-key for tests

Tests might access the secret-key.

For CI builds we may very well build NM as root and also run
unit tests. In such a situation it's bad to persist the secret
key. For example, the SELinux label may be wrong, and subsequently
starting NetworkManager may cause errors. Avoid persisting the secret
key for tests.

src/nm-core-utils.c

@@ -2511,6 +2511,12 @@ _secret_key_read (guint8 **out_secret_key,
 		goto out;
 	}
 
+	if (nm_utils_get_testing ()) {
+		/* for test code, we don't write the generated secret-key to disk. */
+		success = FALSE;
+		goto out;
+	}
+
 	if (!nm_utils_file_set_contents (NMSTATEDIR "/secret_key", (char *) secret_key, key_len, 0077, &error)) {
 		nm_log_warn (LOGD_CORE, "secret-key: failure to persist secret key in \"%s\" (%s) (use non-persistent key)",
 		             NMSTATEDIR "/secret_key", error->message);

src/tests/test-general.c

@@ -1922,12 +1922,8 @@ test_machine_id_read (void)
 
 	logstate = nmtst_logging_disable (FALSE);
 	/* If you run this test as root, without a valid /etc/machine-id,
-	 * the code will try to get the secret-key (and possibly attempt
-	 * to write it).
-	 *
-	 * That's especially ugly, if you run the test as root and it writes
-	 * a new "/var/lib/NetworkManager/secret_key" file. Another reason
-	 * not to run tests as root. */
+	 * the code will try to get the secret-key. That is a bit ugly,
+	 * but no real problem. */
 	machine_id = nm_utils_machine_id_bin ();
 	nmtst_logging_reenable (logstate);