ryantm / agenix

age-encrypted secrets for NixOS and Home manager
https://matrix.to/#/#agenix:nixos.org
Creative Commons Zero v1.0 Universal

fix -d/--decrypt-only not working correctly for binary data #164

Closed whentze closed 1 year ago

whentze commented 1 year ago

I had first used printf for outputting the data, but that breaks if the secret itself contains null bytes.

One could fix this by using e.g. cat, but looking a bit more at the code I realized that in the -d case we never need to mktemp at all and can just ask age to write directly to stdout by not setting -o.

whentze commented 1 year ago

@ryantm this changes the separation of responsibilities between decrypt and edit a bit, let me know if that's alright or if I should write a more conservative fix instead (e.g. using cat).

Also, do you think we should add a test for binary data?

n8henrie commented 1 year ago

> Also, do you think we should add a test for binary data?

Yes, that would be great! Also, I would think printf would work for binary data, just perhaps not with %s, which tells it to interpret arguments as a string. But seems like you figured out something that works!
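The failure mode discussed in this thread, as an added example that is not part of the PR or of agenix's code: `emit_secret` is a constructed stand-in for age's decrypted output, and `via_variable`, `via_tempfile` and `via_stdout` are hypothetical names for the three ways of getting that output to stdout.

```shell
#!/bin/sh
# Constructed sample "secret": 8 bytes, two of them NUL, ending in a newline.
# Binary key material (for example a DER-encoded key) has the same shape.
emit_secret() {
    printf 'k\000ey\000\001\002\n'
}

# Variable + printf: shell variables and command arguments are C strings,
# so they cannot hold NUL bytes. bash and dash drop the NULs, and command
# substitution also strips trailing newlines. bash warns on stderr.
via_variable() {
    { data=$(emit_secret); } 2>/dev/null
    printf '%s' "$data"
}

# Temp file + cat: byte-exact, but a plaintext copy exists on disk until rm.
via_tempfile() {
    tmp=$(mktemp) || return 1
    emit_secret > "$tmp"
    cat "$tmp"
    rm -f "$tmp"
}

# Direct stream: the producer writes to stdout itself, with no variable and
# no temp file in between.
via_stdout() {
    emit_secret
}

# Number of bytes a path writes to stdout.
byte_count() {
    "$1" | wc -c | tr -d ' '
}

# Succeeds only if the path's output is byte-identical to the source.
same_as_source() {
    [ "$("$1" | cksum)" = "$(emit_secret | cksum)" ]
}

for path in via_variable via_tempfile via_stdout; do
    if same_as_source "$path"; then verdict=intact; else verdict=CORRUPTED; fi
    printf '%-13s %s bytes  %s\n' "$path" "$(byte_count "$path")" "$verdict"
done
```

A regression test for binary secrets can use the same comparison: decrypt a fixture that contains NUL bytes and compare a checksum of the output against the original file.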