From a7c3777035711adf30588544b82b7c678b445fe4 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@758a04ac-41e6-0310-8a23-8373a73cc35d>
Date: Sat, 20 Aug 2005 15:37:57 +0000
Subject: [PATCH] Security fix: duplicity handler used to put the gpg passphrase
 on the command line.

git-svn-id: http://code.autistici.org/svn/backupninja/trunk@170 758a04ac-41e6-0310-8a23-8373a73cc35d
---
 etc/backup.d/example.dup |  3 ++-
 handlers/dup             | 10 +++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/etc/backup.d/example.dup b/etc/backup.d/example.dup
index 37ca92e..cd64dd5 100644
--- a/etc/backup.d/example.dup
+++ b/etc/backup.d/example.dup
@@ -15,7 +15,8 @@ nicelevel = 19
 [gpg]
 
 # passphrase needed to unlock the GnuPG key
-password = "a_very_complicated_passphrase"
+# NB: do not quote it, and it should not contain any quote
+password = a_very_complicated_passphrase
 
 # default is no, for backward compatibility with backupninja <= 0.5.
 # when set to yes, encryptkey option must be set below.
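Review bot: The new comment above `password` gives the quoting restriction but not the reason for it, and nothing in this example reminds the reader that the file now holds a plaintext secret. I would extend it to something like `# NB: do not quote it, and it should not contain any quote (the value is passed to the shell as-is)` and add `# this file contains a secret: keep it readable by root only`. Whether backupninja itself enforces file permissions is not visible in this patch, so the reminder is worth having in the example either way.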
diff --git a/handlers/dup b/handlers/dup
index 22f915f..176ac3e 100644
--- a/handlers/dup
+++ b/handlers/dup
@@ -131,17 +131,17 @@ execstr=${execstr//\\*/\\\\\\*}
 
 debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
 if [ ! $test ]; then
+        export PASSPHRASE=$password
 	output=`nice -n $nicelevel \
                   su -c \
-                    "export PASSPHRASE=$password \
-                     && duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
+                    "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
 	code=$?
-	if [ "$code" == "0" ]; then
+	if [ $code -eq 0 ]; then
 		debug $output
 		info "Duplicity finished successfully."
 	else
-		warning $output
-		warning "Duplicity failed."
+		debug $output
+		fatal "Duplicity failed."
 	fi
 fi	
 
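Review bot: The added `export PASSPHRASE=$password` leaves the passphrase exported in the handler's environment after duplicity returns, so any process the handler starts later inherits it; adding `unset PASSPHRASE` right after `code=$?` (or scoping the variable to the one command) would limit that. Quoting the expansion, `export PASSPHRASE="$password"`, keeps a passphrase with spaces or glob characters intact regardless of how the shell treats assignments passed to export. Separately, the failure branch now logs `$output` only at debug level, so an operator who sees "Duplicity failed." has no cause recorded unless debug logging is on; `warning "$output"` before the `fatal` line would keep it, and the quotes stop the output from being word-split and globbed. The script continues outside the hunk, so what `fatal` does after logging is not visible here.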
-- 
2.30.2