| Message ID | 20220222125135.1211290-34-michael.tremer@ipfire.org |
|---|---|
| State | Dropped |
| Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4K2zbJ56VTz3xgm for <patchwork@web04.haj.ipfire.org>; Tue, 22 Feb 2022 12:52:28 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4K2zZq0xx4z5Z7; Tue, 22 Feb 2022 12:52:03 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4K2zZk45wfz32Nr; Tue, 22 Feb 2022 12:51:58 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4K2zZh55KVz315x for <development@lists.ipfire.org>; Tue, 22 Feb 2022 12:51:56 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4K2zZh15DCz5SZ; Tue, 22 Feb 2022 12:51:56 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1645534316; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TMyZCCxN1VUQiEwhd2QZqezlDG16Lnh+U/ZmE2NMaI0=; b=MwOgAknnY0AHzt2ACXNjCTC6sTREYOHxUiImC61hEGUU66i9FnPvYjAybGJmnJqiCDbHrG BT6wdcloukW2DoBw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1645534316; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TMyZCCxN1VUQiEwhd2QZqezlDG16Lnh+U/ZmE2NMaI0=; b=gfoNaTIiZqA8FRaBUDqlcnAQBC+1ZNIjJ44c3n+fFNFCewOdfBV2CBLRRaLZeNu2QiWo6T 3b4Ufj4nsVbWaSV8wrtuJ31n+SVjKpKx7+ejQQvqEExZZpvyCV22fnelIjsXPB8y5OxxYS 2DchE9LQkfj85/GdFN8QLnJ07wnjByC0H+C9wFyt7R4L9Sv1furQilOz6/Cj7tNVx6JO7t Zo01dhySeZbWFOHDetsiHqbUctZoQ29EMHz685qo7ADQ1f1+xs4ljlT8dCLhBHYbtHYmug OUMJ63gD1q+Jmk8BVsFPTC2WjVi+nGmU2ocZ6nkwmbOlMtgxLePMJsPhEKbmug== From: Michael Tremer <michael.tremer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 33/50] oci: user-data: Try to decode base64 content Date: Tue, 22 Feb 2022 12:51:18 +0000 Message-Id: <20220222125135.1211290-34-michael.tremer@ipfire.org> In-Reply-To: <20220222125135.1211290-1-michael.tremer@ipfire.org> References: <20220222125135.1211290-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Cc: Michael Tremer <michael.tremer@ipfire.org> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
| Series |
[01/50] expat: Update to version 2.4.6 - Security/CVE fixes
|
|
Commit Message
Michael Tremer
Feb. 22, 2022, 12:51 p.m. UTC
Terraform only supports sending any shell scripts encoded in base64 which is however not required by Oracle. Therefore we have to test if the script is encoded or not. Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Reviewed-by: Peter Müller <peter.mueller@ipfire.org> --- src/initscripts/helper/oci-setup | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+)
diff --git a/src/initscripts/helper/oci-setup b/src/initscripts/helper/oci-setup index 4dbc05ae3..782fde5a2 100644 --- a/src/initscripts/helper/oci-setup +++ b/src/initscripts/helper/oci-setup @@ -34,6 +34,24 @@ get() { wget -qO - "http://169.254.169.254/opc/v1/${file}" } +try_base64_decode() { + local input="${1}" + + local tmp="$(mktemp)" + + # Try to decode this and return output if successful + if base64 -d <<< "${input}" > "${tmp}" 2>/dev/null; then + echo "$(<${tmp})" + + # Otherwise just return the input + else + echo "${input}" + fi + + # Cleanup + unlink "${tmp}" +} + to_address() { local n="${1}" @@ -134,6 +152,9 @@ import_oci_configuration() { # Download a startup script local script="$(get instance/metadata/user_data)" + # Try to decode this + script="$(try_base64_decode "${script}")" + # Execute the script if [ "${script:0:2}" = "#!" ]; then echo "${script}" > /tmp/user-data.script