#!/bin/sh
# -*- Mode: sh; indent-tabs-mode: nil; tab-width: 2; coding: utf-8 -*-
#
# SPDX-License-Identifier: GPL-3.0-or-later
# SPDX-FileCopyrightText: Michael Terry
# This script *could* just be a symlink to '/bin/sh' and do the same thing.
# But since this script is meant to be called by pkexec to operate as root,
# it didn't seem smart to install a polkit action that gave /bin/sh an
# innocent description that could be called by other programs.
#
# However, we should be mindful of attacks here and quote everything carefully.
set -e
# The first argument is going to be a file to read and export some variables
# from. We do this in a file to avoid any environment variables being listed
# on the command line (and visible from 'ps') and because pkexec will strip
# our environment before we see them normally.
# The second argument is "duplicity"
# All other arguments are for duplicity.
while read line; do
case "$line" in
PASSPHRASE=*|AWS_*=*|CLOUDFILES_*=*|GS_*=*|SWIFT_*=*|GOOGLE_*=*)
export "$line"
;;
*)
# Do not echo it here, else someone could read any file via this
echo "Invalid environment variable passed"
exit 1
esac
done < "$1"
shift
[ "$1" = "duplicity" ] || exit 1
# PATH should be made safe by pkexec, so let's find duplicity on system
exec "$@"