
sops execfile filename should not have a random suffix appended in --no-fifo mode #1473

Open
isavcic opened this issue Mar 26, 2024 · 2 comments · May be fixed by #1474

Comments

@isavcic

isavcic commented Mar 26, 2024

Hello,

Some programs (in this case, Chef knife) expect the file extension to reflect the data type of the file.

When performing sops exec-file --filename tmp.json --no-fifo my-role.json 'knife role from file {}', knife breaks because the file name is not tmp.json, as requested, but something along the lines of /private/var/folders/vy/_x8ql9xb6ehd634h9q00000gn/T/.sops2839518645/tmp.json3758396011.

In my opinion, there is no real benefit for sops to essentially randomize the extension, as the whole path is essentially security by obscurity anyhow and adding one more unnecessary "layer" to it won't prevent shell globbing from catching the file name anyway.

When using a FIFO (default), the temporary file name is as expected, with no random suffix appended to the file name.

Thanks.

@felixfontein
Contributor

Interestingly this behavior was kept when #761 got implemented, whose aim was "Some tools (e.g. Terraform) require the right file extension to recognize the file type."

My guess is that it's OK to keep the random extension if --filename isn't specified, but it definitely shouldn't use a random extension in case --filename is specified.
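
The behaviour proposed above, as an added illustration that is not sops's own code: the unpredictable, access-controlled component is the private temporary directory (os.MkdirTemp creates it with mode 0700), so a requested --filename can be kept verbatim inside it, with a random suffix only as the fallback when no name is given. The function name writeTempPlaintext and the path-separator check are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// writeTempPlaintext writes data into a fresh, private temporary directory.
// If filename is given, it is used exactly (so tools that sniff the extension
// see "tmp.json"); otherwise a random suffix is appended as before.
// Illustrative example only, not the sops implementation.
func writeTempPlaintext(filename string, data []byte) (string, error) {
	// os.MkdirTemp creates the directory with mode 0700: the random name and
	// the access control both live here, not in the file's suffix.
	dir, err := os.MkdirTemp("", ".sops")
	if err != nil {
		return "", err
	}
	var f *os.File
	if filename == "" {
		// No --filename requested: a random suffix is harmless.
		f, err = os.CreateTemp(dir, "tmp-file")
	} else {
		if filepath.Base(filename) != filename {
			return "", errors.New("filename must be a bare name without path separators")
		}
		// O_EXCL guarantees this call created the file at that exact path.
		f, err = os.OpenFile(filepath.Join(dir, filename), os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	}
	if err != nil {
		return "", err
	}
	defer f.Close()
	if _, err := f.Write(data); err != nil {
		return "", err
	}
	return f.Name(), nil
}

func main() {
	p, err := writeTempPlaintext("tmp.json", []byte(`{"name":"my-role"}`)) // constructed sample
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(filepath.Dir(p))
	fmt.Println(filepath.Base(p)) // prints "tmp.json", no random suffix
}
```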

@felixfontein
Contributor

#1474 should fix this.


2 participants