Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v3.7.3 #1056

Merged
merged 36 commits into from
May 9, 2022
Merged

v3.7.3 #1056

merged 36 commits into from
May 9, 2022

Conversation

ajvb
Copy link
Contributor

@ajvb ajvb commented May 9, 2022

No description provided.

ikedam and others added 30 commits July 24, 2021 15:29
@ikedam
Add a test to reproduce #907
75cd389
@ikedam
Allow empty maps for yaml (#907)
108b211
@joshkaplinsky
support gcp credentials as env var
ea8b3bb
@joshkaplinsky
Update keysource.go
c0dc484
@ikedam
Merge remote-tracking branch 'remotes/origin/develop' into feature/90…
63fa89c 
…7_FixEmptyYaml
@ikedam
Build alpine container in CI (#870)
b926cf9
@ajvb
Upgrade all dependencies
234bf9f
@ajvb
Merge pull request #1024 from mozilla/ajvb/upgrade-packages
6283fbe 
Upgrade all dependencies
@shouichi
Remove duplicated stage from Dockerfile.alpine
4277de4
@FnTm
Explicitly build linux amd64 binary
605fb27 
Previous setup relied implicitly of the correct file to be there. Introduction of arm64 builds broke that implicit assumption.
@ajvb
Merge pull request #1026 from FnTm/explicit-linux-build
7d94fdb 
Explicitly build linux amd64 binary
@ajvb
Merge pull request #1025 from shouichi/remove-duplicated-stage
e682723 
Remove duplicated stage from Dockerfile.alpine
@cedi
This fixes a bug with age encryption when specifying multiple age rec…
7ebee3d 
…ipients

I encountered an issue when I tried so specify multiple age recipients
in the .sops.yaml config file of my repository.

I tried running `sops --age 'agePubKey1,agePubKey2' -e -i values.secret.yaml`
which produced an appropriate file with two entries in the `/sops/age/-`
part of the encrypted yaml file.

However, I then continued to set multiple recipients in my .sops.yaml
file to simplify handling:

```yaml
creation_rules:
  - encrypted_regex: '^(data|stringData|spec)$'
    age: 'agePubKey1,agePubKey2'
```

However, this resulted in encryption only being done for the first
specified agePubKey, not the second or third one.

After digging a bit trough the code, I think this should fix it.

I verified the fix locally on my machine and got it working. Also adding
some unit tests and extending the repository examples so they can be
decrypted using the age keys provided in `age/keys.txt`

Signed-off-by: Cedric Kienzler <[email protected]>
@cedi
Make masterKeyFromRecipient private
b5f5f28 
In [this](#966 (comment)) comment
it was proposed to make `masterKeyFromRecipient` private to avoid
reintroducing this bug in the future.
Since I agree with the Idea, this change will make the mehtod private
and update all unit-tests to use the `MasterKeysFromRecipients` method
instead.

Signed-off-by: Cedric Kienzler <[email protected]>
@cedi
Add tests for single key
1dc90ad 
Adding tests to verify we do not break the usage of a single AGE key

Signed-off-by: Cedric Kienzler <[email protected]>
@ajvb
Merge pull request #966 from cedi/fix/sops-multi-recipient
66090e7 
[Fix] sops multi recipient for age encryption
@ajvb
Merge pull request #908 from ikedam/feature/907_FixEmptyYaml
e2c0479 
Allow empty maps for yaml (#907)
@ajvb
Merge pull request #1018 from ikedam/feature/870_EnsureAlpineBuildWithCi
dea9bf9 
Build alpine container in CI (#870)
@ikedam
Use latest dockerd in CI to allow build alpine image (#870)
3875b00
@ajvb
Merge pull request #1032 from ikedam/feature/870_UseLatestDockerd
268b5ff 
Use latest dockerd in CI to allow build alpine image (#870)
@hiddeco
keyservice: accept KeyServiceServer in LocalClient
7138185 
This allows for easier injection of your own (local) key service server
implementation, in situations where e.g. you do not want to rely on
environment variables or other runtime defaults.

It is not of impact to end-users, but improves the experience of
developers making use of SOPS as an SDK to e.g. provide decryption
services to users. As they will now in many cases end up copying this
bit of code to make this precise change.

Signed-off-by: Hidde Beydals <[email protected]>
@ajvb
Limit role session name length to 64 characters.
1bb30e2 
Originally fixed by @SinisterMinister

Fixes #741
@ajvb
Merge pull request #1037 from mozilla/ajvb/limit-role-length
0f8c335 
Limit role session name length to 64 characters.
@ajvb
Merge pull request #1035 from hiddeco/localclient-server-interface
f5195eb 
keyservice: accept KeyServiceServer in LocalClient
@hiddeco
Update golang.org/x/crypto
a01208c 
Version past CVE-2022-27191.

Signed-off-by: Hidde Beydals <[email protected]>
@hiddeco
Update keyservice implementation dependencies
e128fa2 
Latest API clients are (most) often greatest.

Signed-off-by: Hidde Beydals <[email protected]>
@hiddeco
Update golang.org/x/{net,oauth2,sys} dependencies
220b652 
Signed-off-by: Hidde Beydals <[email protected]>
@hiddeco
Update remaining dependencies
477b61f 
Signed-off-by: Hidde Beydals <[email protected]>
@hiddeco
Replace x/crypto/openpgp with ProtonMail/go-crypto
25817ed 
As `golang.org/x/crypto/openpgp` has been deprecated (see
golang/go#44226 for details).

Signed-off-by: Hidde Beydals <[email protected]>
@joshkaplinsky
Merge remote-tracking branch 'upstream/develop' into develop
07aea97
@ajvb ajvb merged commit e1edc05 into master May 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@ajvb @ikedam @joshkaplinsky @shouichi @FnTm @cedi @hiddeco