func edit(c *cli.Context, file string, fileBytes []byte) ([]byte, error) { var tree sops.Tree var stash map[string][]interface{} var err error if fileBytes == nil { tree, err = loadExample(c, file) } else { tree, err = loadEncryptedFile(c, inputStore(c, file), fileBytes) if err != nil { return nil, err } tree, stash, err = decryptTree(tree, c.Bool("ignore-mac")) if err != nil { return nil, err } } if err != nil { return nil, cli.NewExitError(fmt.Sprintf("Could not load file: %s", err), exitCouldNotReadInputFile) } tmpdir, err := ioutil.TempDir("", "") if err != nil { return nil, cli.NewExitError(fmt.Sprintf("Could not create temporary directory: %s", err), exitCouldNotWriteOutputFile) } defer os.RemoveAll(tmpdir) tmpfile, err := os.Create(path.Join(tmpdir, path.Base(file))) if err != nil { return nil, cli.NewExitError(fmt.Sprintf("Could not create temporary file: %s", err), exitCouldNotWriteOutputFile) } var out []byte if c.Bool("show-master-keys") { out, err = outputStore(c, file).MarshalWithMetadata(tree.Branch, tree.Metadata) } else { out, err = outputStore(c, file).Marshal(tree.Branch) } if err != nil { return nil, cli.NewExitError(fmt.Sprintf("Could not marshal tree: %s", err), exitErrorDumpingTree) } _, err = tmpfile.Write(out) if err != nil { return nil, cli.NewExitError(fmt.Sprintf("Could not write output file: %s", err), exitCouldNotWriteOutputFile) } origHash, err := hashFile(tmpfile.Name()) if err != nil { return nil, cli.NewExitError(fmt.Sprintf("Could not hash file: %s", err), exitCouldNotReadInputFile) } for { err = runEditor(tmpfile.Name()) if err != nil { return nil, cli.NewExitError(fmt.Sprintf("Could not run editor: %s", err), exitNoEditorFound) } newHash, err := hashFile(tmpfile.Name()) if err != nil { return nil, cli.NewExitError(fmt.Sprintf("Could not hash file: %s", err), exitCouldNotReadInputFile) } if bytes.Equal(newHash, origHash) { return nil, cli.NewExitError("File has not changed, exiting.", exitFileHasNotBeenModified) } edited, err := ioutil.ReadFile(tmpfile.Name()) if err != nil { return nil, cli.NewExitError(fmt.Sprintf("Could not read edited file: %s", err), exitCouldNotReadInputFile) } newBranch, err := inputStore(c, file).Unmarshal(edited) if err != nil { fmt.Printf("Could not load tree: %s\nProbably invalid syntax. Press a key to return to the editor, or Ctrl+C to exit.", err) bufio.NewReader(os.Stdin).ReadByte() continue } if c.Bool("show-master-keys") { metadata, err := inputStore(c, file).UnmarshalMetadata(edited) if err != nil { fmt.Printf("sops branch is invalid: %s.\nPress a key to return to the editor, or Ctrl+C to exit.", err) bufio.NewReader(os.Stdin).ReadByte() continue } tree.Metadata = metadata } tree.Branch = newBranch tree.Metadata.Version = version if tree.Metadata.MasterKeyCount() == 0 { fmt.Println("No master keys were provided, so sops can't encrypt the file.\nPress a key to return to the editor, or Ctrl+C to exit.") bufio.NewReader(os.Stdin).ReadByte() continue } break } tree, err = encryptTree(tree, stash) if err != nil { return nil, err } out, err = outputStore(c, file).MarshalWithMetadata(tree.Branch, tree.Metadata) if err != nil { return nil, cli.NewExitError(fmt.Sprintf("Could not marshal tree: %s", err), exitErrorDumpingTree) } return out, nil }