#!/bin/sh
# -*- Mode: sh; indent-tabs-mode: nil; tab-width: 2; coding: utf-8 -*-
#
# This file is part of Déjà Dup.
# For copyright information, see AUTHORS.
#
# Déjà Dup is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Déjà Dup is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Déjà Dup.  If not, see <http://www.gnu.org/licenses/>.

# This script *could* just be a symlink to '/bin/sh' and do the same thing.
# But since this script is meant to be called by pkexec to operate as root,
# it didn't seem smart to install a polkit action that gave /bin/sh an
# innocent description that could be called by other programs.
#
# However, we should be mindful of attacks here and quote everything carefully.

set -e

# The first argument is going to be a file to read and export some variables
# from. We do this in a file to avoid any environment variables being listed
# on the command line (and visible from 'ps') and because pkexec will strip
# our environment before we see them normally.
# The second argument is "duplicity"
# All other arguments are for duplicity.

while read line; do
  case "$line" in
    PASSPHRASE=*|AWS_*=*|CLOUDFILES_*=*|GS_*=*|SWIFT_*=*|GOOGLE_*=*)
      export "$line"
      ;;
    *)
      # Do not echo it here, else someone could read any file via this
      echo "Invalid environment variable passed"
      exit 1
  esac
done < "$1"
shift

[ "$1" = "duplicity" ] || exit 1

# PATH should be made safe by pkexec, so let's find duplicity on system
exec "$@"
