github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-22 19:31:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #61098 from ipuustin/shell-bugfix6

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 60373, 61098, 61352, 61359, 61362). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Use mktemp instead of static temporary file path in scripts.

**What this PR does / why we need it**:

Using static file names in `/tmp` is considered to be a security anti-pattern, even if the modern Linux distributions make it difficult for the attacker to use symbolic link attacks against the `/tmp` directory. We should consider changing to the pattern of safely creating a temporary directory which only the user can access and placing the temporary files there. This assumes that `mktemp` command is installed -- it should be a safe assumption since the command is already widely used in the kubernetes scripts.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2018-03-21 22:39:12 -07:00 committed by GitHub
commit 6ccae3060c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hack/build-ui.sh
View File

@ -30,7 +30,8 @@ if ! which go-bindata > /dev/null 2>&1 ; then
exit 1
fi
readonly TMP_DATAFILE="/tmp/datafile.go"
kube::util::ensure-temp-dir
readonly TMP_DATAFILE="${KUBE_TEMP}/datafile.go"
readonly SWAGGER_SRC="third_party/swagger-ui/..."
readonly SWAGGER_PKG="swagger"

8
hack/update-translations.sh
View File

@ -14,6 +14,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.
KUBE_ROOT=$(dirname "${BASH_SOURCE}")/..
source "${KUBE_ROOT}/hack/lib/util.sh"
KUBECTL_FILES="pkg/kubectl/cmd/*.go pkg/kubectl/cmd/*/*.go"
generate_pot="false"
@ -62,8 +65,9 @@ if [[ "${generate_pot}" == "true" ]]; then
perl -pi -e 's/CHARSET/UTF-8/' tmp.pot
perl -pi -e 's/\\\(/\\\\\(/g' tmp.pot
perl -pi -e 's/\\\)/\\\\\)/g' tmp.pot
if msgcat -s tmp.pot > /tmp/template.pot; then
mv /tmp/template.pot translations/kubectl/template.pot
kube::util::ensure-temp-dir
if msgcat -s tmp.pot > "${KUBE_TEMP}/template.pot"; then
mv "${KUBE_TEMP}/template.pot" translations/kubectl/template.pot
rm tmp.pot
else
echo "Failed to update template.pot"