add filename to exec-file (#761)

* add filename to exec-file

* update README.rst

Co-authored-by: Christian Groschupp <christian.groschupp.ext@hermesworld.com>

Author: cgroschupp

README.rst

@@ -1013,6 +1013,9 @@ encrypted file is only readable by root, but the target program does not
 need root privileges to function. This flag should be used where possible
 for added security.
 
+To overwrite the default file name (``tmp-file``) in ``exec-file`` use the
+``--filename <filename>`` parameter.
+
 .. code:: bash
 
    # the encrypted file can't be read by the current user

cmd/sops/main.go

@@ -195,6 +195,10 @@ func main() {
 					Name:  "output-type",
 					Usage: "currently json, yaml, dotenv and binary are supported. If not set, sops will use the input file's extension to determine the output format",
 				},
+				cli.StringFlag{
+					Name:  "filename",
+					Usage: "filename for the temporarily file (default: tmp-file)",
+				},
 			}, keyserviceFlags...),
 			Action: func(c *cli.Context) error {
 				if len(c.Args()) != 2 {
@@ -222,12 +226,18 @@ func main() {
 					return toExitError(err)
 				}
 
+				filename := c.String("filename")
+				if filename == "" {
+					filename = "tmp-file"
+				}
+
 				if err := exec.ExecWithFile(exec.ExecOpts{
 					Command:    command,
 					Plaintext:  output,
 					Background: c.Bool("background"),
 					Fifo:       !c.Bool("no-fifo"),
 					User:       c.String("user"),
+					Filename:   filename,
 				}); err != nil {
 					return toExitError(err)
 				}

cmd/sops/subcommand/exec/exec.go

@@ -24,10 +24,11 @@ type ExecOpts struct {
 	Background bool
 	Fifo       bool
 	User       string
+	Filename   string
 }
 
-func GetFile(dir string) *os.File {
-	handle, err := ioutil.TempFile(dir, "tmp-file")
+func GetFile(dir, filename string) *os.File {
+	handle, err := ioutil.TempFile(dir, filename)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -54,10 +55,10 @@ func ExecWithFile(opts ExecOpts) error {
 	if opts.Fifo {
 		// fifo handling needs to be async, even opening to write
 		// will block if there is no reader present
-		filename = GetPipe(dir)
+		filename = GetPipe(dir, opts.Filename)
 		go WritePipe(filename, opts.Plaintext)
 	} else {
-		handle := GetFile(dir)
+		handle := GetFile(dir, opts.Filename)
 		handle.Write(opts.Plaintext)
 		handle.Close()
 		filename = handle.Name()

cmd/sops/subcommand/exec/exec_unix.go

@@ -27,8 +27,8 @@ func WritePipe(pipe string, contents []byte) {
 	handle.Close()
 }
 
-func GetPipe(dir string) string {
-	tmpfn := filepath.Join(dir, "tmp-file")
+func GetPipe(dir, filename string) string {
+	tmpfn := filepath.Join(dir, filename)
 	err := syscall.Mkfifo(tmpfn, 0600)
 	if err != nil {
 		log.Fatal(err)

cmd/sops/subcommand/exec/exec_windows.go

@@ -12,7 +12,7 @@ func WritePipe(pipe string, contents []byte) {
 	log.Fatal("fifos are not available on windows")
 }
 
-func GetPipe(dir string) string {
+func GetPipe(dir, filename string) string {
 	log.Fatal("fifos are not available on windows")
 	return ""
 }