ini: Encode duplicate sections #1340

Open
r10r opened this issue Nov 3, 2023 · 1 comment · May be fixed by #1452

r10r commented Nov 3, 2023

It would be nice to encode sections with the same name in INI style config files.
Duplicate sections should not be dropped from the encoded output, because
some programs, namely wg from wireguard-tools, rely on this.

From https://www.man7.org/linux/man-pages/man8/wg.8.html

> The configuration file format is based on INI. There are two top
> level sections -- Interface and Peer. Multiple Peer sections may
> be specified, but only one Interface section may be specified.

Example

Trying to encode a wg-quick configuration file fails because only a single [Peer] section is returned in the output encoded with sops -e.

input file test.ini

```ini
[Interface]
Address = 10.192.122.1/24
Address = 10.10.0.1/16
SaveConfig = true
PrivateKey = yAnz5TF+lXXJte14tji3zlMNq+hd2rYUIgJBgB3fBmk=
ListenPort = 51820

[Peer]
PublicKey = xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg=
AllowedIPs = 10.192.122.3/32, 10.192.124.1/24

[Peer]
PublicKey = TrMvSoP4jYQlY6RIzBgbssQqY3vxI2Pi+y71lOWWXX0=
AllowedIPs = 10.192.122.4/32, 192.168.0.0/16

[Peer]
PublicKey = gN65BkIKy1eCE9pP1wdc8ROUtkHLF2PfAqYdyYBz6EA=
AllowedIPs = 10.10.10.230/32
```

The following age key is used for encryption.

```
# created: 2023-11-03T18:50:59+01:00
# public key: age1uz5gjmw28w0zzmrlel2jy3n826qvhxsxu9aafyg2q0kyjk8v2g8sufhvlu
AGE-SECRET-KEY-1EYF85KESJDNUNDCVQXDGMC8NCEXYZS92HW5842VSG30L4JLPZVQQ36P0JH
```

```sh
export SOPS_AGE_RECIPIENTS=age1uz5gjmw28w0zzmrlel2jy3n826qvhxsxu9aafyg2q0kyjk8v2g8sufhvlu
sops -e --encrypted-regex PrivateKey test.ini
```

encrypted output

```ini
[Interface]
Address    = 10.10.0.1/16
SaveConfig = true
PrivateKey = ENC[AES256_GCM,data:8HAoZSPkV11O8LgIBPNrOyRnSGLTfQg98qiqp8kIk2rb1aClftDqhNajW1E=,iv:2Ki3gTHuHFNyQR8mRppeWErdlKxw1uEW7J493uhYLTc=,tag:YqhfjQvxEr7w6cF3dTvYHQ==,type:str]
ListenPort = 51820

[Peer]
PublicKey  = gN65BkIKy1eCE9pP1wdc8ROUtkHLF2PfAqYdyYBz6EA=
AllowedIPs = 10.10.10.230/32

[sops]
version                    = 3.8.1
mac                        = ENC[AES256_GCM,data:8YauGBM28AD6cQJOSRLZrSVSMsfvnHJNkSvUfXvajI/ezW9Tu8jlGljRp+cBziSywBEhBj5pfOOsAOMUHImwa1by4vs+hljD0k1h12oocygMYz7gitAlTplUiDaYos/KkvCldLuPJRdQIuFMtJXUMbULM58G6pGJJowJoNKcuwE=,iv:QydnAZrherzVr1XJl4dISjc/CHx0cO6XvuYBEb/oU9E=,tag:EG8lKXZ64lgn/TBSYBdpUg==,type:str]
encrypted_regex            = PrivateKey
lastmodified               = 2023-11-03T17:52:07Z
age__list_0__map_recipient = age1uz5gjmw28w0zzmrlel2jy3n826qvhxsxu9aafyg2q0kyjk8v2g8sufhvlu
age__list_0__map_enc       = -----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvRHIvc3M5SDZTNlBibG9z\nMTJPd1JHQk1EUVgzTGlCTnRFMk1uL0d4NUh3CmxhUG1ua1kzWHdSZngrdnkwbC9k\nZjhLQXBsaytrUlVkL1pUWHFVRHUzb2MKLS0tIHBZaWlhUkxlNjNIZnhqb1dKakZk\naEMyY1RYVS95ME9VSGpTaW1BTWhFS2cKzbZOnpYxeRRhZ3UgOpNX0FbMV4JUnlCk\nvkeXSMq4E5DcliVJDCRHK+xsV2Rg9cK8SdcdmR1Of+V735mDIH97XQ==\n-----END AGE ENCRYPTED FILE-----\n
```

Only the first [Peer] section is included in the encrypted output file.
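
As an added example (not part of the original issue and not sops code), a pre-encryption check in Go that reports what would be lost when a file like test.ini is stored with one value per name: repeated section names, and keys repeated within one section such as the two Address lines. The function name `FindDuplicates` and the sample contents are assumptions made for this illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// sample is constructed, modeled on the issue's test.ini with placeholder keys.
const sample = `[Interface]
Address = 10.192.122.1/24
Address = 10.10.0.1/16
PrivateKey = <placeholder>
[Peer]
PublicKey = <peer-1>
[Peer]
PublicKey = <peer-2>
`

// FindDuplicates returns section names that occur more than once and
// "Section.Key" names repeated inside one section instance.
func FindDuplicates(ini string) (sections, keys []string) {
	sectionCount := map[string]int{}
	keysSeen := map[string]int{} // keys of the section instance being read
	current := ""
	sc := bufio.NewScanner(strings.NewReader(ini))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || line[0] == '#' || line[0] == ';' {
			continue
		}
		if line[0] == '[' && strings.HasSuffix(line, "]") {
			current = strings.TrimSpace(line[1 : len(line)-1])
			keysSeen = map[string]int{} // each instance starts clean
			if sectionCount[current]++; sectionCount[current] == 2 {
				sections = append(sections, current)
			}
		} else if i := strings.IndexByte(line, '='); i >= 0 {
			name := strings.TrimSpace(line[:i])
			if keysSeen[name]++; keysSeen[name] == 2 {
				keys = append(keys, current+"."+name)
			}
		}
	}
	return sections, keys
}

func main() { fmt.Println(FindDuplicates(sample)) }
```

A non-empty result before `sops -e` means the encrypted file should be compared against the plaintext before the plaintext is discarded.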

@reindlt reindlt linked a pull request Mar 7, 2024 that will close this issue

reindlt commented Mar 7, 2024

I am facing exactly the same problem so I opened a PR for this issue. Let's see what the maintainers say.
