Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

encrypting empty file panics #483

Closed
jasonkuhrt opened this issue Jun 19, 2019 · 15 comments
Closed

encrypting empty file panics #483

jasonkuhrt opened this issue Jun 19, 2019 · 15 comments
Labels
bug priority/low Low priority issues

Comments

@jasonkuhrt
Copy link

Not a great onboarding experience; in the following I try helm-secrets (which uses sops under the hood) but get a panic.

touch foo.yaml
❯ helm secrets enc foo.yaml
Encrypting foo.yaml
panic: runtime error: index out of range

goroutine 1 [running]:
main.encrypt(0x1a88ce0, 0xc00009a630, 0x2615200, 0x2089cf8, 0x2615200, 0x2089cf8, 0x7ffeefbfe0ef, 0x14, 0xc000064990, 0x1, ...)
	/private/tmp/sops-20190418-79323-1cw3pqc/sops-3.3.0/src/go.mozilla.org/sops/cmd/sops/encrypt.go:66 +0x98a
main.main.func5(0xc000226000, 0x0, 0x0)
	/private/tmp/sops-20190418-79323-1cw3pqc/sops-3.3.0/src/go.mozilla.org/sops/cmd/sops/main.go:483 +0x2ed8
go.mozilla.org/sops/vendor/gopkg.in/urfave/cli%2ev1.HandleAction(0x17f8060, 0x1947088, 0xc000226000, 0x0, 0x0)
	/private/tmp/sops-20190418-79323-1cw3pqc/sops-3.3.0/src/go.mozilla.org/sops/vendor/gopkg.in/urfave/cli.v1/app.go:490 +0xc8
go.mozilla.org/sops/vendor/gopkg.in/urfave/cli%2ev1.(*App).Run(0xc000214000, 0xc0000b8000, 0x8, 0x8, 0x0, 0x0)
	/private/tmp/sops-20190418-79323-1cw3pqc/sops-3.3.0/src/go.mozilla.org/sops/vendor/gopkg.in/urfave/cli.v1/app.go:264 +0x590
main.main()
	/private/tmp/sops-20190418-79323-1cw3pqc/sops-3.3.0/src/go.mozilla.org/sops/cmd/sops/main.go:649 +0x2578
Error: plugin "secrets" exited with error

Maybe a more useful message would be Nothing to encrypt or just make encryption work but it be, well, empty string.
@ajvb ajvb added bug priority/low Low priority issues labels Jun 19, 2019
@ajvb ajvb added this to the sops 3.4.0 milestone Jun 19, 2019
@ajvb
Copy link
Contributor

ajvb commented Jun 19, 2019

Thanks for reporting @jasonkuhrt! Seems to be yaml specific.

@mr-karan mr-karan mentioned this issue Jul 1, 2019
Closed
@fzyzcjy
Copy link

fzyzcjy commented Oct 1, 2020

Hi the issue seems to still exist...

@ajvb ajvb removed this from the sops 3.4.0 milestone Mar 24, 2021
@Moskovych
Copy link

@ajvb , Is this issue planned to be fixed or somehow omitted?
In case of encryption / decryption files in a folder (with loop, etc) with empty files it adds additional complexity for checks.
Additional key, some kind a --skip-empty would be good to have.

@fzyzcjy
Copy link

fzyzcjy commented Jul 22, 2021
edited
Loading

oh almost 3 seasons has passed and the bug is still there, looking forward to seeing it be fixed

@karlschriek
Copy link

Also would like to ping on this. Shouldn't default behaviour be output=input in the case where there is nothing to encrypt? It would actually be nice to just run sops recursively on a repo full of manifests and have it look for things to encrypt and leave the rest alone.

@Morriz Morriz mentioned this issue Apr 14, 2022
Closed
@j-zimnowoda j-zimnowoda mentioned this issue Nov 10, 2022
Merged
5 tasks
@michaeldelago
Copy link

For this issue, I just make the yaml file have contents such as:

placeholder: placeholder

Not ideal but it's a pretty simple workaround.

@hwo411
Copy link

hwo411 commented Aug 1, 2023

It seems that it has to be a valid yaml to be encrypted, so you can use {}, since it's an empty object in yaml (like in json)

@cesarjorgemartinez
Copy link

I have come to this issue, it is true that it is very uncomfortable to handle these exceptions in automatic processes.

I have broken files in this way:

  • Empty files
  • Files with only comments, to have them ready to add data

@felixfontein
Copy link
Contributor

I tried to fix this (#1290), but I'm not sure how the behavior should be.

A simple way is to remove the crash (which checks that the first document doesn't have sops metadata - since there are zero documents in this file, it crashes). This results in an encrypted empty file being empty again. Decrypting that empty file isn't possible since it doesn't have sops metadata.

Alternatively the YAML store could be changed to always return at least one document (tree branch in sops internal notation). That would result in a regular sops encrypted file, whose decryption would be {}. If you encrypt {} or a file with only --- in it, you would get the same encrypted file, and its decryption would also be {}.

So - should an empty file be treated as "zero YAML documents", or as "one YAML document that is an empty mapping"?

@felixfontein
Copy link
Contributor

According to the spec, an empty YAML file is zero YAML documents (see https://yaml.org/spec/1.2.2/#92-streams).

@Ph0tonic
Copy link
Contributor

Ph0tonic commented Nov 25, 2023
edited
Loading

This issue has been fixed by #1290, I just tested it with sops 3.8.1 and it seems to work. Shall we close this issue ?

@zoechi
Copy link

zoechi commented Dec 1, 2023

Redirecting the output to the file that is encrypted also causes this error.

sops --encrypt some-file.yaml > some-file.yaml

This results in some-file.yaml becoming an empty file.

@felixfontein
Copy link
Contributor

@zoechi that's not very surprising, since some-file.yaml gets cleared due to the stdout redirect before sops is actually started.

Better use sops --encrypt --output some-file.yaml some-file.yaml.

@felixfontein
Copy link
Contributor

Closing since this is fixed. (Thanks @Ph0tonic!)

@cesarjorgemartinez
Copy link

cesarjorgemartinez commented Dec 16, 2023 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug priority/low Low priority issues
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests