dumpcerts.sh: Fix call to "base64" for Alpine #2344
Conversation
contrib/scripts/dumpcerts.sh
Outdated
| @@ -149,10 +149,10 @@ for domain in $(jq -r '.DomainsCertificate.Certs[].Certificate.Domain' ${acmefil | |||
| echo "Extracting cert bundle for ${domain}" | |||
| cert=$(jq -e -r --arg domain "$domain" '.DomainsCertificate.Certs[].Certificate | | |||
| select (.Domain == $domain )| .Certificate' ${acmefile}) || bad_acme | |||
| echo "${cert}" | base64 --decode > "${cdir}/${domain}.crt" | |||
| echo "${cert}" | base64 -d > "${cdir}/${domain}.crt" | |||
There was a problem hiding this comment.
Is -d supported in non-Alpine contexts as well?
If yes: cool 👍
If no: shouldn't our script be smart enough to handle both option styles?
There was a problem hiding this comment.
The man page states both options. I have verified the help output of Ubuntu 10.04, Ubuntu 16.04, Centos 7 and Fedora 26 and they all support the short-hand option.
Alpine is a bit special, because the installed binary for base64 is actually the busybox binary. I guess that's the reason. I believe it is safe to use -d without checking for the environment.
There was a problem hiding this comment.
The base64 binary shipped with Mac OS X seems to deviate:
$ base64 --help
Usage: base64 [-hvD] [-b num] [-i in_file] [-o out_file]
-h, --help display this message
-D, --decode decodes input
-b, --break break encoded string into num character lines
-i, --input input file (default: "-" for stdin)
-o, --output output file (default: "-" for stdout)
:(
There was a problem hiding this comment.
That's sad... I'll have to check if the is another base64 binary for alpine.
The alternative would be to check if the base64 binary is actually a symlink to busybox and then revert to the -d option. If that's an acceptable solution, I would change my PR.
There was a problem hiding this comment.
How about just checking in the script whether we run on Darwin and adjust the parameter accordingly?
ldez
added
status/2-needs-review
contributor/waiting-for-corrections
and removed
status/0-needs-triage
labels
contrib/scripts/dumpcerts.sh
Outdated
| alias decode_base64='base64 -d' | ||
| ;; | ||
| *) | ||
| # Max OS-X supports --decode and -D, but --decode may be supported by other platforms as well. |
There was a problem hiding this comment.
Just to complete the picture: We could also invert the logic and switch-case on Darwin to set --decode, and use -d in all other cases (Linux, FreeBSD, you name it).
No idea what might be better. I'd go with your current approach when in doubt.
|
Sorry for the force-push. My last version did not work out (aliases don't work in bash-scripts, it seems). Now I'm using a variable to store the base64-decode command. |
contrib/scripts/dumpcerts.sh
Outdated
| @@ -42,6 +42,18 @@ set -o nounset | |||
|
|
|||
| USAGE="$(basename "$0") <path to acme> <destination cert directory>" | |||
|
|
|||
| # Platform variations | |||
| case `uname` in | |||
There was a problem hiding this comment.
Could you please use $() instead of backticks, just to follow best practices?
There was a problem hiding this comment.
Done. If you want me to squash my commits, just tell me.
There was a problem hiding this comment.
Would by nicer with quotes around, I guess
There was a problem hiding this comment.
True -- let's add quotes for complete happiness. :)
No need to squash, our bot does that.
nknapp
force-pushed
the
patch-2
branch
2 times, most recently
from
c4e1d82
to
371d552
Compare
There was a problem hiding this comment.
Thanks a lot, @nknapp -- the PR looks good to me at this point. 🎉
Alpine Linux' "base64" does not support the "--decode" option. Only "-d". In order to run dumpcerts.sh inside the office "traefik:1.4-alpine" docker-image, "base64" must be called with "-d"
Detects if this is a Mac OSX (FreeBSD) or Linux and uses '--decode' or '-d' depending on the outcome. Mac OSX does not support '-d', but '-D' as shortcut. fixup: remove redundant colon
Alpine Linux' "base64" does not support the
--decodeoption. Only-d.In order to run
dumpcerts.shinside the office "traefik:1.4-alpine" docker-image,base64must be called with-d