Possible issue with :cookie option of Mix Release

[ronaldwind]

Elixir and Erlang/OTP versions

Elixir 1.16.2 (compiled with Erlang/OTP 26)

Operating system

Linux

Current behavior

The documentation of the :cookie option gives an example of how to pass your own cookie (using Base.url_encode64/1): https://github.com/elixir-lang/elixir/blob/v1.17.1/lib/mix/lib/mix/tasks/release.ex#L403-L406

      If you are setting this option manually, we recommend the cookie option
      to be a long and randomly generated string, such as:
      `Base.url_encode64(:crypto.strong_rand_bytes(40))`. We also recommend to restrict
      the characters in the cookie to the subset returned by `Base.url_encode64/1`.

Base.url_encode64 may result in a string starting with an hyphen (-). This will lead to an issue starting beam with this cookie as the system process is started with a command like beam.smp ... -setcookie [cookie]. When the cookie starts with an hyphen it's interpreted as an argument and erlang will just generate a random new cookie.

Looking at https://github.com/elixir-lang/elixir/blob/main/lib/mix/lib/mix/tasks/release.init.ex#L147 it should actually be --hidden --cookie \"$RELEASE_COOKIE\" \ for it to work with cookies starting with an hyphen.

Maybe just tweaking the docs to use Base.encode32/1 instead would be the best solution as this is what Mix Release also uses (https://github.com/elixir-lang/elixir/blob/main/lib/mix/lib/mix/release.ex#L568)?

Expected behavior

See above