From 57821cfd41e7adc4675d77d88c8986610a5703a3 Mon Sep 17 00:00:00 2001
From: Christian Heller <c.heller@plomlompom.de>
Date: Sun, 23 Mar 2025 17:25:08 +0100
Subject: [PATCH] Further fixes.
---
 testing/home/desktop/.local/bin/borgplom | 1 +
 testing/scripts/_setup_secrets_user.sh | 3 ---
 testing/scripts/setup_secrets.sh | 11 ++++-------
 3 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/testing/home/desktop/.local/bin/borgplom b/testing/home/desktop/.local/bin/borgplom
index 559def8..24d84ea 100755
--- a/testing/home/desktop/.local/bin/borgplom
+++ b/testing/home/desktop/.local/bin/borgplom
@@ -31,6 +31,7 @@ if [ "$1" = "orgpull" ]; then
 ARCHIVES=$(borg list "${REPO}") # separate step so we may fail early on bad passphrase
 RESULT=$?
 set -e
+ echo ''
 if [ "${RESULT}" = "0" ]; then
 break
 elif [ "${RESULT}" != "2" ]; then
diff --git a/testing/scripts/_setup_secrets_user.sh b/testing/scripts/_setup_secrets_user.sh
index ba8720a..3c110e8 100644
--- a/testing/scripts/_setup_secrets_user.sh
+++ b/testing/scripts/_setup_secrets_user.sh
@@ -19,9 +19,6 @@ PATH_KNOWN_HOSTS="${PATH_USER_SSH}/known_hosts"
 REPOS_SITE_DOMAIN=plomlompom.com
 REMOTE_PATH_REPOS=/var/repos
 NAME_BORGAPP=borgplom
-if [ ! -z "$1" ]; then
- export BORG_PASSPHRASE="$1"
-fi
 abort_if_not_user "${USERNAME}"
 abort_if_offline
diff --git a/testing/scripts/setup_secrets.sh b/testing/scripts/setup_secrets.sh
index aaf2011..b90303a 100755
--- a/testing/scripts/setup_secrets.sh
+++ b/testing/scripts/setup_secrets.sh
@@ -14,7 +14,7 @@ cd $(dirname "$0")
 # - PATH_USER_HOME
 # - USERNAME
-. "${PATH_USER_HOME}/.nonpath_bins/plomlib.sh"
+. "${PATH_USER_HOME}/.nonpath_bins/plomlib.sh.desktop" # for: get_passphrase
 export PATH_SECRETS=${PATH_USER_HOME}/to_usb
@@ -39,6 +39,7 @@ while true; do
 echo "${PASSPHRASE}" | pmount "${PATH_DEV}"
 RESULT=$?
 set -e
+ echo ''
 if [ "${RESULT}" = "0" ]; then
 break
 elif [ "${RESULT}" != "100" ]; then
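Review bot: The `.` line changed in the `@@ -14,7 +14,7 @@` hunk of testing/scripts/setup_secrets.sh sources a library from under `${PATH_USER_HOME}`, and nothing visible checks who can write that file. The script later runs `chown -R` and `su -l "${USERNAME}"`, so it presumably runs as root; if so, whatever sits at `.nonpath_bins/plomlib.sh.desktop` executes with root privileges even though the directory belongs to the unprivileged user. If that trust is intended, state it next to the line, e.g. `# sourced as root from the user's home: safe only while nothing untrusted can write to .nonpath_bins`. Otherwise source the library from a root-owned location. The rest of the script lies outside this hunk, so an ownership check may already exist elsewhere.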
@@ -51,9 +52,5 @@ pumount "${SECRETS_DEV}"
 echo "You can remove ${PATH_DEV} now."
 chown -R "${USERNAME}:${USERNAME}" "${PATH_SECRETS}"
-CONTAINS_TICK=$(echo "${PASSPHRASE}" | grep "'" | wc -l)
-if [ "${CONTAINS_TICK}" = "1" ]; then
- echo "Cannot pass to user script passphrase with illegal character, aborting."
- exit 1
-fi
-su -l "${USERNAME}" -c "/bin/sh ./$(basename ${PATH_REPO})/${DEBIAN_RELEASE}/scripts/_setup_secrets_user.sh '${PASSPHRASE}'"
+export BORG_PASSPHRASE="${PASSPHRASE}"
+su -l "${USERNAME}" --whitelist-environment=PATH_SECRETS,BORG_PASSPHRASE -c "/bin/sh ./$(basename ${PATH_REPO})/${DEBIAN_RELEASE}/scripts/_setup_secrets_user.sh"
-- 
2.30.2
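Review bot: The `-c` string on the new `su -l` line in the `@@ -51,9 +52,5 @@` hunk still expands `${PATH_REPO}` and `${DEBIAN_RELEASE}` into text that the target user's shell re-parses, and `${PATH_REPO}` is unquoted inside `$(basename ...)`. Moving the passphrase out of argv into `BORG_PASSPHRASE` fixes the quoting and process-list exposure for the secret, but a repo path containing whitespace or shell metacharacters would still be split or interpreted. Quote the inner expansion as `$(basename "${PATH_REPO}")`. Because the companion hunk in testing/scripts/_setup_secrets_user.sh removes the `$1` fallback, that script now depends entirely on the inherited variable; a guard such as `: "${BORG_PASSPHRASE:?}"` near its top would make a missing value fail early with a clear message.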