My Emacs configuration https://git.cjennings.net/dotemacs/atom?h=main 2026-05-24T00:14:29+00:00 2026-05-24T00:14:29+00:00 Craig Jennings c@cjennings.net 2026-05-24T00:14:29+00:00 urn:sha1:321ac3d6e9f7fcbddb8793de23c06591b35c80fb The four password commands (PDF protect/unprotect, remove-zip-encryption, create-encrypted-zip) wrote the password to a temp file, launched an async dwim-shell command, then deleted the file in unwind-protect. Since the command is async, that delete ran the instant it launched, so qpdf or 7z could start after the password file was already gone. I extracted cj/dwim-shell--run-with-password-file and cj/dwim-shell--password-cleanup-callback. The temp file (mode 600) is now deleted from an :on-completion callback that fires after the process exits, on both success and failure, and the synchronous unwind-protect stays only as a backstop for a throw before the async launch. All four commands now go through the one helper. qpdf already reads the password via --password-file, so it stays out of the argv. 7z still takes it as -p"$(cat ...)", which lands on its command line. That's tracked as a separate follow-up.