TravisCI can't use a long environment variable - tdd

I'm trying to add a environment variable on TravisCI like this:
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9SGTTy7eyPBRc
3Zc43SUUd957VuLLrdgklJSREM3UwIi6m2wP8lVU8NOgXNoHktM6cb5K7aYhlph3
8iqujmXK2Nzmg4r5WJau8Sc3tzET2YqFvCefBAE2smC7bDKGuxjho5cc53YOGzWs
4wcH9UBNVsoyXX4O+7UnY7Lxf12CnB3557VjmPq07GDUMm9TymtlqLXSa3VQsePm
fjtuvgojeUZYZqVXMQD/NvIr4D5y+IPcSibw8eAQd2ltBNxBzFlxSNVUcqLbd9hK
ep49vdnqpy4FozYwG4NuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaiRI3L
CCkl4GmJAgMBAAECggEADekDUeZLfGt6Yp29RoZH+pJZlQ5cUfQXaY7KwUNvIPa6
wFhj7fpBxtSmhSyaDcJKf7gwEfpD7DZWcvya1QJTBfnOyThOJFpzRIfeciBjHFGb
tbbbbbbbbbbm+PZwGh9USZqfJm9/yMr8+dUBWGCrcw7KyYygOp32QVsjHBXL6ns6
9Jdn36tk/JiP03eLx24Ns+Ls
-----END PRIVATE KEY-----
(It's not real key)
when I try to add, TravisCI undo my format text
How i can use a long enviroment vars on TravisCI?

I found on github.com/travis-ci/travis-ci/issues/7715 this:
1.replace all EOL (line break) by \n
2. In the web interface, copy-paste the value with the following prefix "$(echo -e ' and suffix ')"
For example, to export
-----BEGIN CERTIFICATE-----
MKOQ1zYTmd
zkRpTFq4xu
-----END CERTIFICATE-----
replace EOL with \n and escape special characters such as space edit :
you don't need to escape other characters
-----BEGIN CERTIFICATE-----\nMKOQ1zYTmd\nzkRpTFq4xu\n-----END CERTIFICATE-----
add prefix and suffix
"$(echo -e ' -----BEGIN CERTIFICATE-----\nMKOQ1zYTmd\nzkRpTFq4xu\n-----END CERTIFICATE-----
')"
copy-paste it to the Travis interface
It works for me :)

Related

Keep the trailing newlines when reading a PEM with yq

I have the following use case. I need to read from an YAML file using yq v4 PEM keys. It's then important to keep the trailing newlines otherwise a future reading of those PEM keys would miserably fail.
I haven't found a way in Bash to read a PEM from an Yaml file and store it in a variable keeping the trailing newlines.
Naturally if I would use $() Bash would remove the trailing new lines.
Do you have any other idea?
I seriously doubt that you genuinely need to do this (see comments on the question), but using a process substitution to feed input to the read command (configured to expect end-of-input to be signified by a NUL rather than a newline) will work:
IFS='' read -r -d '' input < <(yq ... && printf '\0')
Be sure you check stored contents with echo "$input" or declare -p input, not echo $input. (That's true in the command-substitution case too).

printf prints commas to file

I'm having an environment variable that get's printed to a file which is then read by my program. When the variable gets written to the file it looks like this:
-----BEGIN
,RSA
,PRIVATE
,KEY-----
,MIIEowIBAAKCAQEAtxPgpPqD1cZdoTeOMvOnqp0NkkCqcMsn8V4j9KrFWpPxiweu
,H1r69S2ssmuqtleLVKk2kwgTn6x+AvcqgTBLsjnfpPmD2mBKvTqCvaBT2VXdxGiA
,dlp etc....
When it should look like this:
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAtxPgpPqD1cZdoTeOMvOnqp0NkkCqcMsn8V4j9KrFWpPxiweu
H1r69S2ssmuqtleLVKk2kwgTn6x+AvcqgTBLsjnfpPmD2mBKvTqCvaBT2VXdxGiA
dlpJMJAvCwBsDnDRilSRoNja4DpF26bHSQePwZF1/4OqnF6GtvGcPPPENiJkjxr/ etc...
My script command looks like this:
- printf '%s\n', $PRIVATE_KEY > $CI_PROJECT_DIR/private.pem
What am I doing wrong?
printf '%s\n' "$PRIVATE_KEY" > "$CI_PROJECT_DIR"/private.pem
Quote "$PRIVATE_KEY" to prevent it from being split into separate words. As a rule of thumb, always quote variable expansions to prevent accidental mangling of their values. It's a good habit to get into.
Also, remove the trailing comma from '%s\n',. Shell script arguments are not comma-separated.

how to extract multiple lines between header and footer in bash [duplicate]

This question already has answers here:
Remove a fixed prefix/suffix from a string in Bash
(9 answers)
Delete everyting preceding and including a certain substring from variable
(2 answers)
How can I remove all text after a character in bash?
(7 answers)
Closed 2 years ago.
if I have a bash variable that contains the following string:
my signed 1.5 tag
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJTZbQlAAoJEF0+sviABDDrZbQH/09PfE51KPVPlanr6q1v4/Ut
LQxfojUWiLQdg2ESJItkcuweYg+kc3HCyFejeDIBw9dpXt00rY26p05qrpnG+85b
hM1/PswpPLuBSr+oCIDj5GMC2r2iEKsfv2fJbNW8iWAXVLoWZRF8B0MfqX/YTMbm
ecorc4iXzQu7tupRihslbNkfvfciMnSDeSvzCpWAHl7h8Wj6hhqePmLm9lAYqnKp
8S5B/1SSQuEAjRZgI4IexpZoeKGVDptPHxLLS38fozsyi0QyDyzEgJxcJQVMXxVi
RUysgqjcpT8+iQM1PblGfHR4XAhuOqN5Fx06PSaFZhqvWFezJ28/CLyX5q+oIVk=
=EFTF
-----END PGP SIGNATURE-----
commit ca82a6dff817ec66f44342007202690a93763949
Author: Scott Chacon <schacon#gee-mail.com>
Date: Mon Mar 17 21:52:11 2008 -0700
Change version number
in bash, how can extract the base64 signature and store it in a new variable, so that it will contain exactly
iQEcBAABAgAGBQJTZbQlAAoJEF0+sviABDDrZbQH/09PfE51KPVPlanr6q1v4/Ut
LQxfojUWiLQdg2ESJItkcuweYg+kc3HCyFejeDIBw9dpXt00rY26p05qrpnG+85b
hM1/PswpPLuBSr+oCIDj5GMC2r2iEKsfv2fJbNW8iWAXVLoWZRF8B0MfqX/YTMbm
ecorc4iXzQu7tupRihslbNkfvfciMnSDeSvzCpWAHl7h8Wj6hhqePmLm9lAYqnKp
8S5B/1SSQuEAjRZgI4IexpZoeKGVDptPHxLLS38fozsyi0QyDyzEgJxcJQVMXxVi
RUysgqjcpT8+iQM1PblGfHR4XAhuOqN5Fx06PSaFZhqvWFezJ28/CLyX5q+oIVk=
=EFTF
I tried various combinations of sed or awk but didn't get any working that preserves the line breaks
Using bash parameter expansions
signature=${string#*$'\n'-----BEGIN PGP SIGNATURE-----$'\n'}
signature=${signature#*$'\n\n'}
signature=${signature%%$'\n'-----END PGP SIGNATURE-----*}
The first assignment removes the part from the beginning of the string to the line consisting of -----BEGIN PGP SIGNATURE-----. The second one removes the part to the first blank line. The third removes the part from the -----END PGP SIGNATURE----- to the end of the string. The remaining string is the base64 signature.
Explanation of parameter expansion forms used in the answer:
${var#pattern} is replaced by the content of the variable var with the shortest matching pattern deleted (from the beginning), if the pattern matches the leading portion of the content of the variable var.
${var%%pattern} is replaced by the content of the variable var with the longest matching pattern deleted (from the end), if the pattern matches the trailing portion of the content of the variable var.
For detailed information on all forms of bash parameter expansion, read the shell parameter expansion.
sed -n '/---/,/---/{/---/n;/^Version/{n;n};p}'
Between the --- lines, use n to skip the lines that you don't want. Otherwise p to print them.
Could obviously expand the regexes to be a bit more strict.
Assuming the empty lines around the signature is always present:
awk -v RS= 'sub(/\n-----END PGP SIGNATURE-----/, ""){print; exit}'
-v RS= paragraph mode, record separator will be two or more consecutive newlines
sub(/\n-----END PGP SIGNATURE-----/, "") if this substitution succeeds
print; exit print the modified record and quit
\n is used in the substitution since default ORS is newline
Assuming a bash variable str holds the mentioned string, would you please try:
pat=$'-----BEGIN PGP SIGNATURE-----\n.*\n\n([^-]+)\n-----END PGP SIGNATURE-----'
if [[ $str =~ $pat ]]; then
signature=${BASH_REMATCH[1]}
echo "$signature"
fi

Escape newline character while encoding in base64

I have a situation where in my BASH script, I need to encode an environment variable to base64 and write it to a json file, which is then picked up by docker.
I have the below code for this:
USER64=$(echo $USER | base64)
echo '{"auths": {"auth": "'"$USER64"'}}' > ~/.docker/config.json
This works, but the problem is the encoded value of $USER contains a \n so the echo writes it into the config file as 2 lines. How can I escape all the \n while encoding the $USER and write it to the config file?
As added incentive to use jq, it can do the base64 encoding for you:
jq -n --arg u "$USER" '{auths: {auth: ($u | #base64)}}' > ~/.docker/config.json
(And as far as I can tell, #base64 is working on the original value, not the JSON-encode value, of $USER.)
You can use the substitution operator in shell parameter expansion.
echo '{"auths": {"auth": "'"${USER64/$'\n'/\\\n}"'}}' > ~/.docker/config.json
But you can also use an option to base64 to prevent it from putting newlines into the encoding in the first place.
USER64=$(echo $USER | base64 --wrap=0)

How to source a dotenv (.env) file in dash?

There are a lot of examples here how to source a dotenv file in bash but has anyone one a method that achieves the same with dash (which is the default shell for minimal Debian installations)?
The solution should look like this:
$ some foo my-command-using-env-vars
e.g.
$ env $(cat .env) my-command-using-env-vars
And it is important that the solution supports multiline values with spaces like:
SSH_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nfoo\nbar\baz"
and special characters like hash within quotes:
SPECIAL="foo#bar"
It seems that your problem is not so much that you're using dash but that you want to support \n escapes. The following works in dash and supports \n escapes:
eval "$(echo $(cat .env))" my-command-using-env-vars
That's because unlike in bash the built-in echo in dash supports backslash escapes even without the -e option. The following works in both bash and dash, provided that the non-built-in, system echo supports the -e option:
eval "$(env echo -e $(cat .env))" my-command-using-env-vars
Note that both approaches will also handle other backslash escapes (either POSIX or GNU), possibly in a different way than you expect.
Some technical notes:
$(cat .env)
performs Field Splitting, converting any newline in file .env into spaces.
"$(env echo -e ...)"
expands backslash escapes regardless of the current shell by invoking echo -e via env. The double quotes disable field splitting, so that newlines are preserved.

Resources