diff options
| author | Craig Jennings <c@cjennings.net> | 2026-05-23 19:14:29 -0500 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-05-23 19:14:29 -0500 |
| commit | 321ac3d6e9f7fcbddb8793de23c06591b35c80fb (patch) | |
| tree | ec2d6f25a68cc139467fb26f2b9e1ca9ff741938 /docs/design/coverage.org | |
| parent | 3b8fbdf25b6cf2f20e3c575c44daa8062f91251c (diff) | |
| download | dotemacs-321ac3d6e9f7fcbddb8793de23c06591b35c80fb.tar.gz dotemacs-321ac3d6e9f7fcbddb8793de23c06591b35c80fb.zip | |
fix(dwim-shell): delete password temp file after the process exits
The four password commands (PDF protect/unprotect, remove-zip-encryption, create-encrypted-zip) wrote the password to a temp file, launched an async dwim-shell command, then deleted the file in unwind-protect. Since the command is async, that delete ran the instant it launched, so qpdf or 7z could start after the password file was already gone.
I extracted cj/dwim-shell--run-with-password-file and cj/dwim-shell--password-cleanup-callback. The temp file (mode 600) is now deleted from an :on-completion callback that fires after the process exits, on both success and failure, and the synchronous unwind-protect stays only as a backstop for a throw before the async launch. All four commands now go through the one helper.
qpdf already reads the password via --password-file, so it stays out of the argv. 7z still takes it as -p"$(cat ...)", which lands on its command line. That's tracked as a separate follow-up.
Diffstat (limited to 'docs/design/coverage.org')
0 files changed, 0 insertions, 0 deletions