From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH] oci: user-data: Try to decode base64 content
Date: Tue, 22 Feb 2022 10:26:36 +0000
Message-ID: <70905D11-24A8-467F-9028-901AA00DEB95@ipfire.org>
In-Reply-To: <9acebb7b-7bae-f826-b6ac-934c7f02267b@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5951532725747814145=="
List-Id: <development.lists.ipfire.org>

--===============5951532725747814145==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

LOL. I didn=E2=80=99t know this one, yet :)

> On 21 Feb 2022, at 21:32, Peter M=C3=BCller <peter.mueller(a)ipfire.org> wr=
ote:
>=20
> Ah, this must be enterprise cloud security: "Military-grade Base64 ..." m(
>=20
> Anyway,
>=20
> Reviewed-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
>=20
>> Terraform only supports sending any shell scripts encoded in base64
>> which is however not required by Oracle. Therefore we have to test if
>> the script is encoded or not.
>>=20
>> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
>> ---
>> src/initscripts/helper/oci-setup | 21 +++++++++++++++++++++
>> 1 file changed, 21 insertions(+)
>>=20
>> diff --git a/src/initscripts/helper/oci-setup b/src/initscripts/helper/oci=
-setup
>> index 0763a96e7..98b9858d6 100644
>> --- a/src/initscripts/helper/oci-setup
>> +++ b/src/initscripts/helper/oci-setup
>> @@ -15,6 +15,24 @@ get() {
>> 	wget -qO - "http://169.254.169.254/opc/v1/${file}"
>> }
>>=20
>> +try_base64_decode() {
>> +	local input=3D"${1}"
>> +
>> +	local tmp=3D"$(mktemp)"
>> +
>> +	# Try to decode this and return output if successful
>> +	if base64 -d <<< "${input}" > "${tmp}" 2>/dev/null; then
>> +		echo "$(<${tmp})"
>> +
>> +	# Otherwise just return the input
>> +	else
>> +		echo "${input}"
>> +	fi
>> +
>> +	# Cleanup
>> +	unlink "${tmp}"
>> +}
>> +
>> to_address() {
>> 	local n=3D"${1}"
>>=20
>> @@ -115,6 +133,9 @@ import_oci_configuration() {
>> 		# Download a startup script
>> 		local script=3D"$(get instance/metadata/user_data)"
>>=20
>> +		# Try to decode this
>> +		script=3D"$(try_base64_decode "${script}")"
>> +
>> 		# Execute the script
>> 		if [ "${script:0:2}" =3D "#!" ]; then
>> 			echo "${script}" > /tmp/user-data.script


--===============5951532725747814145==--