From c30eddcd4d40cfc6ff5e35692919fdc6eb276d7a Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Thu, 22 Apr 2021 14:36:52 -0700 Subject: [PATCH] Encrypt: never strip with --infile If the user is specifying --infile, it is very unlikely that they want the input stripped. This can cause pem-encoded private key formatting errors. Also, we shouldn't make it difficult to just encrypt a whole file as a secret and get the exact same content out when decrypting it. Change-Id: Ifd1d95d72ba2b2bf8038fd6313b30207d2cba14b --- zuulclient/cmd/__init__.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/zuulclient/cmd/__init__.py b/zuulclient/cmd/__init__.py index 70475dc..7bf4a77 100644 --- a/zuulclient/cmd/__init__.py +++ b/zuulclient/cmd/__init__.py @@ -478,7 +478,8 @@ class ZuulClient(): required=False, default=None) cmd_encrypt.add_argument('--no-strip', action='store_true', help='Do not strip whitespace from beginning ' - 'or end of input.', + 'or end of input. Ignored when ' + '--infile is used.', default=False) cmd_encrypt.add_argument('--secret-name', default=None, @@ -511,7 +512,9 @@ class ZuulClient(): raise ArgumentException( 'Either provide a public key or a project to continue' ) + strip = not self.args.no_strip if self.args.infile: + strip = False try: with open(self.args.infile) as f: plaintext = f.read() @@ -522,7 +525,7 @@ class ZuulClient(): 'Insufficient rights to open %s' % self.args.infile) else: plaintext = sys.stdin.read() - if not self.args.no_strip: + if strip: plaintext = plaintext.strip() pubkey_file = tempfile.NamedTemporaryFile(delete=False) self.log.debug('Creating temporary key file %s' % pubkey_file.name)