From 1c736072d524d1142845db42a72bf404fe47ff07 Mon Sep 17 00:00:00 2001
From: Rudis Muiznieks
Date: Mon, 30 Aug 2021 08:03:21 -0500
Subject: [PATCH] fixed minisign failure with trailing newline in .plan
---
 README.md | 1 -
 dotplan | 23 +++++++++++++++++------
 2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index fc9a25d..ef333dd 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,6 @@ Several other aspects can be configured via environment variables:
 - `DOTPLAN_CONFIG_PATH`: the config file to read and write (`$HOME/.dotplan.conf.json`)
 - `DOTPLAN_MINISIGN_PRIVATE_KEY` the location of your private key (`$HOME/.minisign/minisign.key`)
 - `DOTPLAN_PLAN_PATH` the location of your plan for the `publish` and `edit` commands (`$HOME/.plan`)
-- `DOTPLAN_PLAN_SIG_PATH` where to save the signature for the `publish` and `edit` commands (`$HOME/.plan.minisig`)
 - `DOTPLAN_CURL_PATH` to specify the location of `curl`
 - `DOTPLAN_JQ_PATH` to specify the location of `jq`
 - `DOTPLAN_DRILL_PATH` to specify the location of `drill` or `dig`
diff --git a/dotplan b/dotplan
index 3a17ecd..b78b3cc 100755
--- a/dotplan
+++ b/dotplan
@@ -15,11 +15,10 @@
 # "relayProvider": "https://dotplan.online"
 # }
-version="v0.9.1"
+version="v0.9.2"
 config_path=${DOTPLAN_CONFIG_PATH:-"$HOME/.dotplan.conf.json"}
 minisign_private_key=${DOTPLAN_MINISIGN_PRIVATE_KEY:-"$HOME/.minisign/minisign.key"}
 plan_path=${DOTPLAN_PLAN_PATH:-"$HOME/.plan"}
-plan_sig_path=${DOTPLAN_PLAN_SIG_PATH:-"$HOME/.plan.minisig"}
 usage() {
 echo "dotplan.online CLI $version"
@@ -91,6 +90,10 @@ validate_email() (
 exit $good_email
 )
+make_temp_file() {
+ echo 'mkstemp(template)' | m4 -D template="${TMPDIR:-"/tmp"}/dotplanXXXXXX"
+}
+
 check_curl_resp() {
 curl_resp=$1
 check_key=$2
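Review bot: The new make_temp_file() helper in the `@@ -91,6 +90,10 @@` hunk has no comment explaining the m4 idiom or the contract callers depend on: it prints the path of a newly created file on stdout, and presumably prints nothing usable when m4 is missing or mkstemp fails. A header such as `# create an empty temp file with m4's mkstemp and print its path; output is empty and status non-zero on failure` would make that explicit. It would also tell callers that the return status is worth checking.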
@@ -174,11 +177,19 @@ publish() (
 curl_data=$(jq -n --arg token "$token" --arg plan "$plan_content" '{"plan":$plan,"auth":$token}')
 if [ -n "$minisign" ]; then
 echo "signing plan with key $minisign_private_key"
- if ! $minisign -S -q -s "$minisign_private_key" -x "$plan_sig_path" -m "$plan_path"; then
+ plan_temp_file=$(make_temp_file)
+ plan_sig_temp_file=$(make_temp_file)
+ # this normalizes the content with the json,
+ # removing trailing newline if it exists
+ printf "%s" "$plan_content" > "$plan_temp_file"
+ $minisign -S -q -s "$minisign_private_key" -x "$plan_sig_temp_file" -m "$plan_temp_file"
+ minisign_success=$?
+ plan_sig_content=$(cat "$plan_sig_temp_file")
+ rm "$plan_temp_file" "$plan_sig_temp_file"
+ if [ "$minisign_success" -ne 0 ]; then
 error 'minisign command failed'
 exit 1
 fi
- plan_sig_content=$(cat "$plan_sig_path")
 curl_data=$(echo "$curl_data" | jq --arg signature "$plan_sig_content" '.signature=$signature')
 fi
 curl_url="$publish_provider/plan/$(url_encode "$auth_email")"
@@ -229,8 +240,8 @@ fetch() (
 error "plan is not signed"
 exit 1
 fi
- temp_plan_file=$(echo 'mkstemp(template)' | m4 -D template="${TMPDIR:-"/tmp"}/dotplanXXXXXX")
- temp_sig_file="$temp_plan_file.minisig"
+ temp_plan_file=$(make_temp_file)
+ temp_sig_file=$(make_temp_file)
 printf "%s" "$plan_content" > "$temp_plan_file"
 printf "%s" "$sig_content" > "$temp_sig_file"
 minisign -q -Vm "$temp_plan_file" -x "$temp_sig_file" -P "$fetch_pubkey"
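Review bot: Both `make_temp_file` results in the publish() hunk are used without a check, so if m4 is unavailable or mkstemp fails the paths are empty, the `printf` redirect and the `rm` act on an empty name, and the user only sees 'minisign command failed'. Failing early would be clearer, e.g. `plan_temp_file=$(make_temp_file) || { error 'could not create temp file'; exit 1; }` and the same for `plan_sig_temp_file`. The two calls in the fetch() hunk have the same gap, and there the files feed `minisign -V`, so the failure handling (outside the hunk) should be confirmed to fail closed. The temp files in publish() are removed only on the straight-line path, so an interrupt while minisign is running would presumably leave them behind; a `trap` that removes them would cover that. publish() and fetch() both start and end outside their hunks.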