From 4a3ef4120ed100ef7e2e6fa09d523ea6d4dcc258 Mon Sep 17 00:00:00 2001
From: Brad Warren <bmw@eff.org>
Date: Mon, 24 Jul 2017 17:20:32 -0700
Subject: [PATCH] Preserve select environment variables with su.

---
 letsencrypt-auto-source/letsencrypt-auto          | 9 +++++++--
 letsencrypt-auto-source/letsencrypt-auto.template | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/letsencrypt-auto-source/letsencrypt-auto b/letsencrypt-auto-source/letsencrypt-auto
index b4c1a0fb7..593f83c8c 100755
--- a/letsencrypt-auto-source/letsencrypt-auto
+++ b/letsencrypt-auto-source/letsencrypt-auto
@@ -133,8 +133,8 @@ fi
 PRESERVE_VARS="LE_AUTO_DIR_TEMPLATE LE_AUTO_JSON_URL LE_AUTO_PUBLIC_KEY "
 PRESERVE_VARS="$PRESERVE_VARS LE_PYTHON OLD_VENV_PATH VENV_PATH"
 
-# Because the parameters in `su -c` has to be a string,
-# we need to properly escape it.
+# We need to preserve certain environment variables and because the parameters
+# in `su -c` has to be a string, we need to properly escape it.
 su_sudo() {
   args=""
   # This `while` loop iterates over all parameters given to this function.
@@ -151,6 +151,11 @@ su_sudo() {
     args="$args'$(printf "%s" "$1" | sed -e "s/'/'\"'\"'/g")' "
     shift
   done
+
+  for var in $PRESERVE_VARS; do
+    export $var
+  done
+
   su root -c "$args"
 }
 
diff --git a/letsencrypt-auto-source/letsencrypt-auto.template b/letsencrypt-auto-source/letsencrypt-auto.template
index 2ac3631b0..cc578ff1b 100755
--- a/letsencrypt-auto-source/letsencrypt-auto.template
+++ b/letsencrypt-auto-source/letsencrypt-auto.template
@@ -133,8 +133,8 @@ fi
 PRESERVE_VARS="LE_AUTO_DIR_TEMPLATE LE_AUTO_JSON_URL LE_AUTO_PUBLIC_KEY "
 PRESERVE_VARS="$PRESERVE_VARS LE_PYTHON OLD_VENV_PATH VENV_PATH"
 
-# Because the parameters in `su -c` has to be a string,
-# we need to properly escape it.
+# We need to preserve certain environment variables and because the parameters
+# in `su -c` has to be a string, we need to properly escape it.
 su_sudo() {
   args=""
   # This `while` loop iterates over all parameters given to this function.
@@ -151,6 +151,11 @@ su_sudo() {
     args="$args'$(printf "%s" "$1" | sed -e "s/'/'\"'\"'/g")' "
     shift
   done
+
+  for var in $PRESERVE_VARS; do
+    export $var
+  done
+
   su root -c "$args"
 }