From e2fe95bd251d73204d5245117f15241c5e76e944 Mon Sep 17 00:00:00 2001
From: TheSpad
Date: Fri, 10 Nov 2023 14:46:15 +0000
Subject: [PATCH 1/3] Default to sanitizing newlines in secrets

---
 root/etc/s6-overlay/s6-rc.d/init-envfile/run | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/root/etc/s6-overlay/s6-rc.d/init-envfile/run b/root/etc/s6-overlay/s6-rc.d/init-envfile/run
index 5dbf809..6c1e524 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-envfile/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-envfile/run
@@ -1,17 +1,19 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash
 
-if find /run/s6/container_environment/*"FILE__"* -maxdepth 1 > /dev/null 2>&1; then
- for FILENAME in /run/s6/container_environment/*; do
- if [[ "${FILENAME##*/}" == "FILE__"* ]]; then
+if find /run/s6/container_environment/FILE__* -maxdepth 1 > /dev/null 2>&1; then
+ for FILENAME in /run/s6/container_environment/FILE__*; do
 SECRETFILE=$(cat "${FILENAME}")
 if [[ -f ${SECRETFILE} ]]; then
 FILESTRIP=${FILENAME//FILE__/}
- cat "${SECRETFILE}" >"${FILESTRIP}"
+ if [[ ${SECRET_NO_SANITIZE,,} = "true" ]]; then
+ cat "${SECRETFILE}" >"${FILESTRIP}"
+ else
+ tr -d '\n' < "${SECRETFILE}" >"${FILESTRIP}"
+ fi
 echo "[env-init] ${FILESTRIP##*/} set from ${FILENAME##*/}"
 else
 echo "[env-init] cannot find secret in ${FILENAME##*/}"
 fi
- fi
 done
 fi

From ee49d283a66a95e593d19823d75f25b20dd3660a Mon Sep 17 00:00:00 2001
From: TheSpad
Date: Sat, 11 Nov 2023 10:39:27 +0000
Subject: [PATCH 2/3] Warn rather than sanitize

---
 root/etc/s6-overlay/s6-rc.d/init-envfile/run | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/root/etc/s6-overlay/s6-rc.d/init-envfile/run b/root/etc/s6-overlay/s6-rc.d/init-envfile/run
index 6c1e524..cc1b62e 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-envfile/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-envfile/run
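Review bot: The new else branch `tr -d '\n' < "${SECRETFILE}" >"${FILESTRIP}"` deletes every newline in the secret, not only a trailing one, so a multi-line secret (a PEM-encoded key, for instance) is silently corrupted whenever SECRET_NO_SANITIZE is not set to true. If the intent is to drop only the trailing newline that editors and `echo` add, a command substitution does that while keeping interior line breaks: `printf '%s' "$(cat "${SECRETFILE}")" >"${FILESTRIP}"`. The second patch in this series replaces the sanitizing branch with a warning, so this only matters if an opt-in sanitize mode is reintroduced later. The hunk covers the whole script, so the enclosing `if find …` block and `for` loop are fully visible here.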
@@ -6,11 +6,11 @@ if find /run/s6/container_environment/FILE__* -maxdepth 1 > /dev/null 2>&1; then
 SECRETFILE=$(cat "${FILENAME}")
 if [[ -f ${SECRETFILE} ]]; then
 FILESTRIP=${FILENAME//FILE__/}
- if [[ ${SECRET_NO_SANITIZE,,} = "true" ]]; then
- cat "${SECRETFILE}" >"${FILESTRIP}"
- else
- tr -d '\n' < "${SECRETFILE}" >"${FILESTRIP}"
+ if [[ $(tail -n1 "${SECRETFILE}" | wc -l) = 1 ]]; then
+ echo "[env-init] Your secret: ${FILENAME##*/}"
+ echo " contains a trailing newline and may not work as expected"
 fi
+ cat "${SECRETFILE}" >"${FILESTRIP}"
 echo "[env-init] ${FILESTRIP##*/} set from ${FILENAME##*/}"
 else
 echo "[env-init] cannot find secret in ${FILENAME##*/}"

From 327066ccb429677c97fedb40b6cf8c25d6ef296a Mon Sep 17 00:00:00 2001
From: TheSpad
Date: Sat, 11 Nov 2023 20:02:47 +0000
Subject: [PATCH 3/3] !0 instead of 1

---
 root/etc/s6-overlay/s6-rc.d/init-envfile/run | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/root/etc/s6-overlay/s6-rc.d/init-envfile/run b/root/etc/s6-overlay/s6-rc.d/init-envfile/run
index cc1b62e..592df52 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-envfile/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-envfile/run
@@ -6,7 +6,7 @@ if find /run/s6/container_environment/FILE__* -maxdepth 1 > /dev/null 2>&1; then
 SECRETFILE=$(cat "${FILENAME}")
 if [[ -f ${SECRETFILE} ]]; then
 FILESTRIP=${FILENAME//FILE__/}
- if [[ $(tail -n1 "${SECRETFILE}" | wc -l) = 1 ]]; then
+ if [[ $(tail -n1 "${SECRETFILE}" | wc -l) != 0 ]]; then
 echo "[env-init] Your secret: ${FILENAME##*/}"
 echo " contains a trailing newline and may not work as expected"
 fi
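Review bot: The trailing-newline test on the new `if` line is a string comparison against whatever text `wc -l` prints, which is why the third patch in this series has to loosen `= 1` to `!= 0`; some `wc` implementations pad their output with leading spaces, and that form would still misfire there. A check that does not parse `wc` output at all: `if [[ -s "${SECRETFILE}" && -z "$(tail -c1 "${SECRETFILE}")" ]]; then` — command substitution strips a final newline, so the result is empty exactly when the last byte is a newline, and the `-s` guard keeps an empty secret file from being reported as having a trailing newline. That empty-file case is otherwise silent in both this hunk and the third patch: `cat` still writes a zero-length value into the environment directory, and a second warning for it would be as useful as the newline one. The enclosing `for` loop starts and ends outside the hunk.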