From ca5d6b090509d71028a5b1e986b34ba511f3729a Mon Sep 17 00:00:00 2001
From: fuleinist
Date: Wed, 20 May 2026 00:10:14 +0800
Subject: [PATCH] fix: preserve trailing newlines in unchanged --set literals

Fixes jkroepke/helm-secrets#752

Command substitution $( ) strips trailing newlines, so a --set literal ending in a newline always fails the string-comparison equality check and triggers unnecessary comma escaping on the output. Add a length check via printf+wc-c so unchanged literals (including those that only differ by a stripped trailing newline) skip escaping.
---
 scripts/commands/helm.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/scripts/commands/helm.sh b/scripts/commands/helm.sh
index ea812d91..bdf48ef2 100644
--- a/scripts/commands/helm.sh
+++ b/scripts/commands/helm.sh
@@ -135,7 +135,12 @@ helm_wrapper() {
 fatal 'Unable to decrypt literal value %s' "${literal}"
 fi
 
- if [ "${decrypted_literal}" = "${literal}" ]; then
+
+ # Command substitution $( ) strips trailing newlines, so a literal ending in a newline
+ # will never equal its decrypted value (both the same plain-text string, but lengths differ).
+ # Comparing length via printf+wc-c distinguishes unchanged values from values that only
+ # lost a trailing newline due to shell expansion.
+ if [ "${decrypted_literal}" = "${literal}" ] && [ "$(printf "%s" "${decrypted_literal}" | wc -c)" -eq "$(printf "%s" "${literal}" | wc -c)" ]; then
 decrypted_literals="${decrypted_literals}${opt_prefix}${decrypted_literal},"
 else
 decrypted_literals="${decrypted_literals}${opt_prefix}$(printf '%s' "${decrypted_literal}" | sed -e 's/\\/\\\\/g' | sed -e 's/,/\\,/g'),"
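Review bot: The length test added to the new `if` line cannot change which branch runs, because it is joined with `&&` to the string comparison and two values that compare equal with `=` always have the same byte count. A literal whose decrypted copy lost a trailing newline still fails the first test and still goes through the `sed` escaping in the `else` branch, so the fix described in the commit message does not take effect and the new comment describes behaviour the code does not have. If the intent is to treat such a value as unchanged, compare against the literal normalised the same way, e.g. `if [ "${decrypted_literal}" = "$(printf '%s' "${literal}")" ]; then`, and append `${literal}` instead of `${decrypted_literal}` in that branch so the newline survives (this assumes `literal` still carries the newline at this point, which the hunk does not show). This branch decides whether a value reaches `--set` without comma and backslash escaping, so a regression test with a newline-terminated plain literal and one with a decrypted value containing a comma would pin both paths. The body of helm_wrapper and the closing `fi` of this block are outside the hunk.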