kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

secure mktemp

Browse Source
This commit is contained in:
Kierán Meinhardt
2025-12-27 07:29:47 +01:00
parent b233c18709
commit 95e5a58f15
7 changed files with 15 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
configs/admin-essentials.nix
View File

@@ -68,12 +68,19 @@ in {
}; };
}; };
environment.interactiveShellInit = ''
# Use XDG_RUNTIME_DIR for temporary files if available
if [ -d "$XDG_RUNTIME_DIR" ]; then
export TMPDIR="$XDG_RUNTIME_DIR"
fi
'';
environment.shellAliases = let environment.shellAliases = let
take = pkgs.writers.writeDash "take" '' take = pkgs.writers.writeDash "take" ''
mkdir "$1" && cd "$1" mkdir "$1" && cd "$1"
''; '';
cdt = pkgs.writers.writeDash "cdt" '' cdt = pkgs.writers.writeDash "cdt" ''
cd "$(mktemp -d)" cd $(mktemp -p "$XDG_RUNTIME_DIR" -d "cdt-XXXXXX")
pwd pwd
''; '';
wcd = pkgs.writers.writeDash "wcd" '' wcd = pkgs.writers.writeDash "wcd" ''

2
configs/aerc.nix
View File

@@ -306,7 +306,7 @@
openers = openers =
let let
as-pdf = pkgs.writers.writeDash "as-pdf" '' as-pdf = pkgs.writers.writeDash "as-pdf" ''
d=$(mktemp -d) d=$(mktemp -p "$XDG_RUNTIME_DIR" -d)
trap clean EXIT trap clean EXIT
clean() { clean() {
rm -rf "$d" rm -rf "$d"

2
configs/backup.nix
View File

@@ -41,7 +41,7 @@
${pkgs.restic}/bin/restic -r ${pkgs.lib.niveum.restic.repository} -p ${config.age.secrets.restic.path} "$@" ${pkgs.restic}/bin/restic -r ${pkgs.lib.niveum.restic.repository} -p ${config.age.secrets.restic.path} "$@"
'') '')
(pkgs.writers.writeDashBin "restic-mount" '' (pkgs.writers.writeDashBin "restic-mount" ''
mountdir=$(mktemp -d) mountdir=$(mktemp -p "$XDG_RUNTIME_DIR" -d "restic-mount-XXXXXXX")
trap clean EXIT trap clean EXIT
clean() { clean() {
rm -r "$mountdir" rm -r "$mountdir"

2
configs/cloud.nix
View File

@@ -89,7 +89,7 @@
selection="$(${megatools "ls"} | ${pkgs.fzf}/bin/fzf)" selection="$(${megatools "ls"} | ${pkgs.fzf}/bin/fzf)"
test -n "$selection" || exit 1 test -n "$selection" || exit 1
tmpdir="$(mktemp -d)" tmpdir="$(mktemp -p "$XDG_RUNTIME_DIR" -d)"
trap clean EXIT trap clean EXIT
clean() { clean() {
rm -rf "$tmpdir" rm -rf "$tmpdir"

2
packages/cro.nix
View File

@@ -4,7 +4,7 @@ chromium.override {
"--disable-sync" "--disable-sync"
"--no-default-browser-check" "--no-default-browser-check"
"--no-first-run" "--no-first-run"
"--user-data-dir=$(${coreutils}/bin/mktemp -d)" "--user-data-dir=$(${coreutils}/bin/mktemp -p $XDG_RUNTIME_DIR -d chromium-XXXXXX)"
"--incognito" "--incognito"
]; ];
} }

4
packages/fzfmenu.nix
View File

@@ -12,8 +12,8 @@ writers.writeBashBin "fzfmenu" ''
PATH=$PATH:${lib.makeBinPath [st fzf dash]} PATH=$PATH:${lib.makeBinPath [st fzf dash]}
input=$(mktemp -u --suffix .fzfmenu.input) input=$(mktemp -p "$XDG_RUNTIME_DIR" -u --suffix .fzfmenu.input)
output=$(mktemp -u --suffix .fzfmenu.output) output=$(mktemp -p "$XDG_RUNTIME_DIR" -u --suffix .fzfmenu.output)
mkfifo "$input" mkfifo "$input"
mkfifo "$output" mkfifo "$output"
chmod 600 "$input" "$output" chmod 600 "$input" "$output"

2
packages/qrpaste.nix
View File

@@ -6,7 +6,7 @@
nsxiv, nsxiv,
}: }:
writers.writeDashBin "qrpaste" '' writers.writeDashBin "qrpaste" ''
file="$(${mktemp}/bin/mktemp --tmpdir)" file="$(${mktemp}/bin/mktemp -p "$XDG_RUNTIME_DIR" qrpaste-XXXXXX.png)"
trap clean EXIT trap clean EXIT
clean() { clean() {
rm "$file" rm "$file"