sops edits a readonly temp file on Windows

[Northburns]

I have a sops encrypted file foo.enc.json and when I run sops foo.enc.json, vim tells me:

"~\AppData\Local\Temp\1012848330\foo.enc.json" [readonly][Incomplete last line][unix format] 3 lines, 13 characters

This happens both on Windows and Cygwin, so I guess it's an issue with the Windows binary. This issue doesn't appear on the Linux binary. Tested on Sops v3.7.2.

I think the function in editTree in edit.go is where it's at, but my Go's real rusty. Please tell me if I can assist in some way.

https://github.com/mozilla/sops/blob/v3.7.2/cmd/sops/edit.go#L110

[Varriount]

So, I believe this bug will happen with any editor that attempts to call CreateFile with FILE_SHARE_DELETE access. I can't say whether Vim does this, but I know Sublime Text does.

On Windows, the Go standard library opens files with only FILE_SHARE_READ and FILE_SHARE_WRITE access, which means that if a Golang-written process is the first to open a handle to a particular file, other processes will be prevented from deleting the file (or even opening the file with deletion privileges).
Unfortunately, this doesn't seem likely to change any time soon.

There are a couple of solutions here:

• Have sops close the file before opening the editor.
• Reimplement the syscall package's Open function.

I feel the first option is most appropriate, inelegant as it may be.

[mrcarter7]

When will this fix get merged/released?

EDIT: I see the PR was closed almost immediately - is there another work around/fix?

[hiddeco]

This has been released in https://github.com/getsops/sops/releases/tag/v3.8.0-rc.1 via #1265. Official v3.8.0 release is scheduled for this week.

[mrcarter7]

So even with the new version of sops it still tries to create the file in my temp folder - I can't move it /re-save it without it breaking the actual encryption action - its not really usable on Windows as far as I can tell

[hiddeco]

The file getting created in a temporary folder is by design, the idea is that SOPS will open an editor to modify the file and wait until you have stored your change. I do not see why you would want to move and/or re-save it. Also see #127.

[mrcarter7]

okay - so earlier when I saved (my editor is vscode with wait) it would tell me file not changed and nothing would happen. I must have fixed something (not sure what) but now when I save the temp file it puts the encrypted counterpart in my working directory which is what I was expecting based on the documents. Thanks!