diff --git a/patches/base/garage/fix-secrets-695.patch b/patches/base/garage/fix-secrets-695.patch new file mode 100644 index 0000000..9e34260 --- /dev/null +++ b/patches/base/garage/fix-secrets-695.patch @@ -0,0 +1,66 @@ +From 25e5738568b2a021de3a79af3282b2b5feaee9e8 Mon Sep 17 00:00:00 2001 +From: Alex Auvolat +Date: Mon, 12 Feb 2024 10:42:17 +0100 +Subject: [PATCH] [fix-secrets-695] take into account rpc secret from file for + cli commands (fix #695) + +--- + src/garage/main.rs | 23 +++++++++++++++-------- + src/garage/secrets.rs | 2 +- + 2 files changed, 16 insertions(+), 9 deletions(-) + +diff --git a/src/garage/main.rs b/src/garage/main.rs +index 5c92dae4..1a6a6e32 100644 +--- a/src/garage/main.rs ++++ b/src/garage/main.rs +@@ -174,7 +174,9 @@ async fn main() { + } + + async fn cli_command(opt: Opt) -> Result<(), Error> { +- let config = if opt.secrets.rpc_secret.is_none() || opt.rpc_host.is_none() { ++ let config = if (opt.secrets.rpc_secret.is_none() && opt.secrets.rpc_secret_file.is_none()) ++ || opt.rpc_host.is_none() ++ { + Some(garage_util::config::read_config(opt.config_file.clone()) + .err_context(format!("Unable to read configuration file {}. Configuration file is needed because -h or -s is not provided on the command line.", opt.config_file.to_string_lossy()))?) + } else { +@@ -182,14 +184,19 @@ async fn cli_command(opt: Opt) -> Result<(), Error> { + }; + + // Find and parse network RPC secret +- let net_key_hex_str = opt +- .secrets +- .rpc_secret +- .as_ref() +- .or_else(|| config.as_ref().and_then(|c| c.rpc_secret.as_ref())) +- .ok_or("No RPC secret provided")?; ++ let mut rpc_secret = config.as_ref().and_then(|c| c.rpc_secret.clone()); ++ secrets::fill_secret( ++ &mut rpc_secret, ++ &config.as_ref().and_then(|c| c.rpc_secret_file.clone()), ++ &opt.secrets.rpc_secret, ++ &opt.secrets.rpc_secret_file, ++ "rpc_secret", ++ true, ++ )?; ++ ++ let net_key_hex_str = rpc_secret.ok_or("No RPC secret provided")?; + let network_key = NetworkKey::from_slice( +- &hex::decode(net_key_hex_str).err_context("Invalid RPC secret key (bad hex)")?[..], ++ &hex::decode(&net_key_hex_str).err_context("Invalid RPC secret key (bad hex)")?[..], + ) + .ok_or("Invalid RPC secret provided (wrong length)")?; + +diff --git a/src/garage/secrets.rs b/src/garage/secrets.rs +index 8c89a262..a2c64cef 100644 +--- a/src/garage/secrets.rs ++++ b/src/garage/secrets.rs +@@ -83,7 +83,7 @@ pub fn fill_secrets(mut config: Config, secrets: Secrets) -> Result, + config_secret_file: &Option, + cli_secret: &Option,