From 65680649e052e8c13a8865debe37cd0e733d020d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 1 Jan 2025 22:38:42 +0100 Subject: [PATCH] don't run sops + editor in a pipe --- pkgs/clan-cli/clan_cli/secrets/sops.py | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/pkgs/clan-cli/clan_cli/secrets/sops.py b/pkgs/clan-cli/clan_cli/secrets/sops.py index 605c3861e..6d8d3ecff 100644 --- a/pkgs/clan-cli/clan_cli/secrets/sops.py +++ b/pkgs/clan-cli/clan_cli/secrets/sops.py @@ -6,7 +6,6 @@ import logging import os import shutil import subprocess -import sys from collections.abc import Iterable, Sequence from contextlib import suppress from pathlib import Path @@ -194,7 +193,7 @@ def sops_run( sops_cmd.append("decrypt") else: # When sops is used to edit a file the config is only used at - # file creation, otherwise the keys from the exising file are + # file creation, otherwise the keys from the existing file are # used. sops_cmd.extend(["--config", manifest.name]) @@ -240,6 +239,11 @@ def sops_run( if run_opts else RunOpts(env=environ) ) + if call == Operation.EDIT: + # Use direct stdout / stderr, as else it breaks editor integration. + # We never need this in our UI. TUI only. + p1 = subprocess.run(cmd, check=False, text=True) + return p1.returncode, "" p = run(cmd, opts) return p.returncode, p.stdout @@ -376,18 +380,12 @@ def encrypt_file( folder.mkdir(parents=True, exist_ok=True) if not content: - # Use direct stdout / stderr, as else it breaks editor integration. - # We never need this in our UI. TUI only. + # This will spawn an editor to edit the file. rc, _ = sops_run( Operation.EDIT, secret_path, pubkeys, - RunOpts( - stdout=sys.stdout.buffer, - stderr=sys.stderr.buffer, - check=False, - log=Log.NONE, - ), + RunOpts(), ) status = ExitStatus.parse(rc) if rc == 0 or status == ExitStatus.FILE_HAS_NOT_BEEN_MODIFIED: