From 1ca10411466567f69cbfef4b17a11d0900681b4d Mon Sep 17 00:00:00 2001 From: Christian Groschupp Date: Fri, 23 Oct 2020 15:48:51 +0200 Subject: [PATCH 1/2] add filename to exec-file --- cmd/sops/main.go | 11 +++++++++++ cmd/sops/subcommand/exec/exec.go | 9 +++++---- cmd/sops/subcommand/exec/exec_unix.go | 4 ++-- cmd/sops/subcommand/exec/exec_windows.go | 2 +- 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/cmd/sops/main.go b/cmd/sops/main.go index 11a2ddfc6..58a30eff7 100644 --- a/cmd/sops/main.go +++ b/cmd/sops/main.go @@ -132,6 +132,11 @@ func main() { Name: "user", Usage: "the user to run the command as", }, + cli.StringFlag{ + Name: "filename", + Usage: "filename for the temporarily file (default: tmp-file)", + }, + }, keyserviceFlags...), Action: func(c *cli.Context) error { if len(c.Args()) != 2 { @@ -222,12 +227,18 @@ func main() { return toExitError(err) } + filename := c.String("filename") + if filename == "" { + filename = "tmp-file" + } + if err := exec.ExecWithFile(exec.ExecOpts{ Command: command, Plaintext: output, Background: c.Bool("background"), Fifo: !c.Bool("no-fifo"), User: c.String("user"), + Filename: c.String("filename"), }); err != nil { return toExitError(err) } diff --git a/cmd/sops/subcommand/exec/exec.go b/cmd/sops/subcommand/exec/exec.go index 95f135d79..cd8d33be5 100644 --- a/cmd/sops/subcommand/exec/exec.go +++ b/cmd/sops/subcommand/exec/exec.go @@ -24,10 +24,11 @@ type ExecOpts struct { Background bool Fifo bool User string + Filename string } -func GetFile(dir string) *os.File { - handle, err := ioutil.TempFile(dir, "tmp-file") +func GetFile(dir, filename string) *os.File { + handle, err := ioutil.TempFile(dir, filename) if err != nil { log.Fatal(err) } 
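Review bot: `GetFile` in cmd/sops/subcommand/exec/exec.go now passes the caller's `filename` to `ioutil.TempFile` as its pattern argument, and the hunk does not document what that means for the resulting name. TempFile appends a random string to the pattern (or substitutes it for the last `*`), so with `--no-fifo` the file is not named exactly as requested, unlike the FIFO path. I would add a doc comment such as `// GetFile creates a temp file in dir; filename is an ioutil.TempFile pattern, so a random string is appended to it (or replaces its last "*").` An empty `Filename` in `ExecOpts` also yields a purely random name here, which other callers of the exported struct may not expect.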
@@ -54,10 +55,10 @@ func ExecWithFile(opts ExecOpts) error { if opts.Fifo { // fifo handling needs to be async, even opening to write // will block if there is no reader present - filename = GetPipe(dir) + filename = GetPipe(dir, opts.Filename) go WritePipe(filename, opts.Plaintext) } else { - handle := GetFile(dir) + handle := GetFile(dir, opts.Filename) handle.Write(opts.Plaintext) handle.Close() filename = handle.Name() diff --git a/cmd/sops/subcommand/exec/exec_unix.go b/cmd/sops/subcommand/exec/exec_unix.go index f2041b7fb..cc831e798 100644 --- a/cmd/sops/subcommand/exec/exec_unix.go +++ b/cmd/sops/subcommand/exec/exec_unix.go @@ -27,8 +27,8 @@ func WritePipe(pipe string, contents []byte) { handle.Close() } -func GetPipe(dir string) string { - tmpfn := filepath.Join(dir, "tmp-file") +func GetPipe(dir, filename string) string { + tmpfn := filepath.Join(dir, filename) err := syscall.Mkfifo(tmpfn, 0600) if err != nil { log.Fatal(err) diff --git a/cmd/sops/subcommand/exec/exec_windows.go b/cmd/sops/subcommand/exec/exec_windows.go index 0c3345384..7e0f21d74 100644 --- a/cmd/sops/subcommand/exec/exec_windows.go +++ b/cmd/sops/subcommand/exec/exec_windows.go @@ -12,7 +12,7 @@ func WritePipe(pipe string, contents []byte) { log.Fatal("fifos are not available on windows") } -func GetPipe(dir string) string { +func GetPipe(dir, filename string) string { log.Fatal("fifos are not available on windows") return "" } From 4a5cecab0f03c3fffb68530b941c1ec2d5c42205 Mon Sep 17 00:00:00 2001 From: Christian Groschupp Date: Tue, 29 Dec 2020 10:43:23 +0100 Subject: [PATCH 2/2] update README.rst --- README.rst | 3 +++ cmd/sops/main.go | 11 +++++------ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/README.rst b/README.rst index 087aea07a..4c4ed0eec 100644 --- a/README.rst +++ b/README.rst 
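Review bot: `GetPipe` in exec_unix.go joins the caller-supplied `filename` onto `dir` with `filepath.Join` without checking that it is a bare file name. A value containing a path separator or `..` therefore resolves outside the temporary directory, and the decrypted plaintext is written through a FIFO at that location; an empty value resolves to `dir` itself, so `Mkfifo` fails. Validating once in `ExecWithFile`, before the `if opts.Fifo` branch, would also cover the `GetFile` path, e.g. `if opts.Filename == "." || opts.Filename == ".." || filepath.Base(opts.Filename) != opts.Filename { return fmt.Errorf("invalid file name %q", opts.Filename) }` (assuming `fmt` and `path/filepath` are imported in exec.go). Both `ExecWithFile` and `GetPipe` continue outside their hunks, so how `dir` is created and cleaned up is not visible here.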
@@ -1013,6 +1013,9 @@ encrypted file is only readable by root, but the target program does not need root privileges to function. This flag should be used where possible for added security. +To overwrite the default file name (``tmp-file``) in ``exec-file`` use the +``--filename `` parameter. + .. code:: bash # the encrypted file can't be read by the current user diff --git a/cmd/sops/main.go b/cmd/sops/main.go index 58a30eff7..148daa729 100644 --- a/cmd/sops/main.go +++ b/cmd/sops/main.go @@ -132,11 +132,6 @@ func main() { Name: "user", Usage: "the user to run the command as", }, - cli.StringFlag{ - Name: "filename", - Usage: "filename for the temporarily file (default: tmp-file)", - }, - }, keyserviceFlags...), Action: func(c *cli.Context) error { if len(c.Args()) != 2 { @@ -200,6 +195,10 @@ func main() { Name: "output-type", Usage: "currently json, yaml, dotenv and binary are supported. If not set, sops will use the input file's extension to determine the output format", }, + cli.StringFlag{ + Name: "filename", + Usage: "filename for the temporarily file (default: tmp-file)", + }, }, keyserviceFlags...), Action: func(c *cli.Context) error { if len(c.Args()) != 2 { @@ -238,7 +237,7 @@ func main() { Background: c.Bool("background"), Fifo: !c.Bool("no-fifo"), User: c.String("user"), - Filename: c.String("filename"), + Filename: filename, }); err != nil { return toExitError(err) }
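Review bot: The `Usage` text of the `filename` flag added in the `@@ -195,6 +200,10 @@` hunk of cmd/sops/main.go reads "temporarily file" and does not say which values are accepted. I would change it to `Usage: "file name (no path components) for the temporary file or FIFO (default: tmp-file)",`. If the exec package does not itself reject path separators, the help text is the only place where a user learns that the name is meant to stay inside the temporary directory. It would also help to mention that with `--no-fifo` a random suffix is added to the name.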