From c833a53060e4da9ae8703129f92a134ace9380f3 Mon Sep 17 00:00:00 2001
From: TheSpad
Date: Fri, 10 Nov 2023 14:49:00 +0000
Subject: [PATCH] Default to sanitizing newlines in secrets

---
 root/etc/s6-overlay/s6-rc.d/init-envfile/run | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/root/etc/s6-overlay/s6-rc.d/init-envfile/run b/root/etc/s6-overlay/s6-rc.d/init-envfile/run
index 5dbf809..6c1e524 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-envfile/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-envfile/run
@@ -1,17 +1,19 @@
 #!/usr/bin/with-contenv bash
 # shellcheck shell=bash

-if find /run/s6/container_environment/*"FILE__"* -maxdepth 1 > /dev/null 2>&1; then
- for FILENAME in /run/s6/container_environment/*; do
- if [[ "${FILENAME##*/}" == "FILE__"* ]]; then
+if find /run/s6/container_environment/FILE__* -maxdepth 1 > /dev/null 2>&1; then
+ for FILENAME in /run/s6/container_environment/FILE__*; do
 SECRETFILE=$(cat "${FILENAME}")
 if [[ -f ${SECRETFILE} ]]; then
 FILESTRIP=${FILENAME//FILE__/}
- cat "${SECRETFILE}" >"${FILESTRIP}"
+ if [[ ${SECRET_NO_SANITIZE,,} = "true" ]]; then
+ cat "${SECRETFILE}" >"${FILESTRIP}"
+ else
+ tr -d '\n' < "${SECRETFILE}" >"${FILESTRIP}"
+ fi
 echo "[env-init] ${FILESTRIP##*/} set from ${FILENAME##*/}"
 else
 echo "[env-init] cannot find secret in ${FILENAME##*/}"
 fi
- fi
 done
 fi
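Review bot: In the new `else` branch, `tr -d '\n'` deletes every newline in the secret file, not only a trailing one, so a multi-line secret such as a PEM key or certificate is flattened into a single line by default, while a `\r` left by a CRLF-terminated file is still copied into the value. If the intent is only to drop the trailing line ending, `printf '%s' "$(cat "${SECRETFILE}")" >"${FILESTRIP}"` keeps interior newlines, because command substitution strips only trailing ones. `SECRET_NO_SANITIZE` is also a single switch for all `FILE__` variables, so one multi-line secret turns sanitizing off for every other secret as well. A comment above the test such as `# SECRET_NO_SANITIZE=true copies secret files verbatim, newlines included`, plus naming the mode in the `[env-init]` log line, would make an altered value easier to trace when a service fails to authenticate.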