From 7232ff9ea01c1510e5d8e4ef1aea0025f5250824 Mon Sep 17 00:00:00 2001
From: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
Date: Wed, 4 May 2022 14:41:21 +0530
Subject: [PATCH] modify tmp dir generation to be absolute on all OSes

Signed-off-by: Sanskar Jaiswal <jaiswalsanskar078@gmail.com>
---
 cmd/flux/bootstrap.go                  |  4 +--
 cmd/flux/bootstrap_bitbucket_server.go |  3 +-
 cmd/flux/bootstrap_git.go              |  3 +-
 cmd/flux/bootstrap_github.go           |  3 +-
 cmd/flux/bootstrap_gitlab.go           |  3 +-
 cmd/flux/install.go                    |  3 +-
 pkg/manifestgen/install/install.go     |  2 +-
 pkg/manifestgen/install/manifests.go   |  8 +++++-
 pkg/manifestgen/tmpdir.go              | 38 ++++++++++++++++++++++++++
 9 files changed, 58 insertions(+), 9 deletions(-)
 create mode 100644 pkg/manifestgen/tmpdir.go

diff --git a/cmd/flux/bootstrap.go b/cmd/flux/bootstrap.go
index b4b319ef..9e390a89 100644
--- a/cmd/flux/bootstrap.go
+++ b/cmd/flux/bootstrap.go
@@ -19,13 +19,13 @@ package main
 import (
 	"crypto/elliptic"
 	"fmt"
-	"os"
 	"strings"
 
 	"github.com/spf13/cobra"
 
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen"
 	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
 )
 
@@ -154,7 +154,7 @@ func buildEmbeddedManifestBase() (string, error) {
 	if !isEmbeddedVersion(bootstrapArgs.version) {
 		return "", nil
 	}
-	tmpBaseDir, err := os.MkdirTemp("", "flux-manifests-")
+	tmpBaseDir, err := manifestgen.MkdirTempAbs("", "flux-manifests-")
 	if err != nil {
 		return "", err
 	}
diff --git a/cmd/flux/bootstrap_bitbucket_server.go b/cmd/flux/bootstrap_bitbucket_server.go
index 4898e1fe..b620fa61 100644
--- a/cmd/flux/bootstrap_bitbucket_server.go
+++ b/cmd/flux/bootstrap_bitbucket_server.go
@@ -30,6 +30,7 @@ import (
 	"github.com/fluxcd/flux2/internal/bootstrap/provider"
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen"
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
 	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
 	"github.com/fluxcd/flux2/pkg/manifestgen/sync"
@@ -165,7 +166,7 @@ func bootstrapBServerCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	// Lazy go-git repository
-	tmpDir, err := os.MkdirTemp("", "flux-bootstrap-")
+	tmpDir, err := manifestgen.MkdirTempAbs("", "flux-bootstrap-")
 	if err != nil {
 		return fmt.Errorf("failed to create temporary working dir: %w", err)
 	}
diff --git a/cmd/flux/bootstrap_git.go b/cmd/flux/bootstrap_git.go
index 7e2193eb..f3005107 100644
--- a/cmd/flux/bootstrap_git.go
+++ b/cmd/flux/bootstrap_git.go
@@ -35,6 +35,7 @@ import (
 	"github.com/fluxcd/flux2/internal/bootstrap/git/gogit"
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen"
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
 	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
 	"github.com/fluxcd/flux2/pkg/manifestgen/sync"
@@ -137,7 +138,7 @@ func bootstrapGitCmdRun(cmd *cobra.Command, args []string) error {
 	defer os.RemoveAll(manifestsBase)
 
 	// Lazy go-git repository
-	tmpDir, err := os.MkdirTemp("", "flux-bootstrap-")
+	tmpDir, err := manifestgen.MkdirTempAbs("", "flux-bootstrap-")
 	if err != nil {
 		return fmt.Errorf("failed to create temporary working dir: %w", err)
 	}
diff --git a/cmd/flux/bootstrap_github.go b/cmd/flux/bootstrap_github.go
index 3f2ff342..14261820 100644
--- a/cmd/flux/bootstrap_github.go
+++ b/cmd/flux/bootstrap_github.go
@@ -30,6 +30,7 @@ import (
 	"github.com/fluxcd/flux2/internal/bootstrap/provider"
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen"
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
 	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
 	"github.com/fluxcd/flux2/pkg/manifestgen/sync"
@@ -161,7 +162,7 @@ func bootstrapGitHubCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	// Lazy go-git repository
-	tmpDir, err := os.MkdirTemp("", "flux-bootstrap-")
+	tmpDir, err := manifestgen.MkdirTempAbs("", "flux-bootstrap-")
 	if err != nil {
 		return fmt.Errorf("failed to create temporary working dir: %w", err)
 	}
diff --git a/cmd/flux/bootstrap_gitlab.go b/cmd/flux/bootstrap_gitlab.go
index afebfa91..56768042 100644
--- a/cmd/flux/bootstrap_gitlab.go
+++ b/cmd/flux/bootstrap_gitlab.go
@@ -32,6 +32,7 @@ import (
 	"github.com/fluxcd/flux2/internal/bootstrap/provider"
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen"
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
 	"github.com/fluxcd/flux2/pkg/manifestgen/sourcesecret"
 	"github.com/fluxcd/flux2/pkg/manifestgen/sync"
@@ -172,7 +173,7 @@ func bootstrapGitLabCmdRun(cmd *cobra.Command, args []string) error {
 	}
 
 	// Lazy go-git repository
-	tmpDir, err := os.MkdirTemp("", "flux-bootstrap-")
+	tmpDir, err := manifestgen.MkdirTempAbs("", "flux-bootstrap-")
 	if err != nil {
 		return fmt.Errorf("failed to create temporary working dir: %w", err)
 	}
diff --git a/cmd/flux/install.go b/cmd/flux/install.go
index 616e3c95..0af11cee 100644
--- a/cmd/flux/install.go
+++ b/cmd/flux/install.go
@@ -27,6 +27,7 @@ import (
 
 	"github.com/fluxcd/flux2/internal/flags"
 	"github.com/fluxcd/flux2/internal/utils"
+	"github.com/fluxcd/flux2/pkg/manifestgen"
 	"github.com/fluxcd/flux2/pkg/manifestgen/install"
 	"github.com/fluxcd/flux2/pkg/status"
 )
@@ -134,7 +135,7 @@ func installCmdRun(cmd *cobra.Command, args []string) error {
 		logger.Generatef("generating manifests")
 	}
 
-	tmpDir, err := os.MkdirTemp("", *kubeconfigArgs.Namespace)
+	tmpDir, err := manifestgen.MkdirTempAbs("", *kubeconfigArgs.Namespace)
 	if err != nil {
 		return err
 	}
diff --git a/pkg/manifestgen/install/install.go b/pkg/manifestgen/install/install.go
index ce6d1e19..80621782 100644
--- a/pkg/manifestgen/install/install.go
+++ b/pkg/manifestgen/install/install.go
@@ -54,7 +54,7 @@ func Generate(options Options, manifestsBase string) (*manifestgen.Manifest, err
 	} else {
 		// download the manifests base from GitHub
 		if manifestsBase == "" {
-			manifestsBase, err = os.MkdirTemp("", options.Namespace)
+			manifestsBase, err = manifestgen.MkdirTempAbs("", options.Namespace)
 			if err != nil {
 				return nil, fmt.Errorf("temp dir error: %w", err)
 			}
diff --git a/pkg/manifestgen/install/manifests.go b/pkg/manifestgen/install/manifests.go
index 6ab91eae..17fc33f1 100644
--- a/pkg/manifestgen/install/manifests.go
+++ b/pkg/manifestgen/install/manifests.go
@@ -26,6 +26,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/fluxcd/pkg/kustomize/filesys"
 	"github.com/fluxcd/pkg/untar"
 
 	"github.com/fluxcd/flux2/pkg/manifestgen/kustomization"
@@ -125,7 +126,12 @@ func build(base, output string) error {
 		return err
 	}
 
-	if err = os.WriteFile(output, resources, 0o640); err != nil {
+	outputBase := filepath.Dir(strings.TrimSuffix(output, string(filepath.Separator)))
+	fs, err := filesys.MakeFsOnDiskSecure(outputBase)
+	if err != nil {
+		return err
+	}
+	if err = fs.WriteFile(output, resources); err != nil {
 		return err
 	}
 
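Review bot: The explicit `0o640` mode of the removed `os.WriteFile` call is lost, because `fs.WriteFile(output, resources)` takes no permission argument. The mode of the generated manifest now depends on whatever the `filesys` implementation and the process umask apply, which this hunk does not show. If the tighter mode was intentional, restore it after the write with `if err = os.Chmod(output, 0o640); err != nil { return err }` (assuming `os` is still imported in this file), or confirm that the library default is acceptable. A comment above `outputBase` would also help, for example `// confine the write to output's parent directory; output is expected to be an absolute, symlink-resolved path`, since that is presumably why the callers now use MkdirTempAbs. The body of `build` starts and ends outside the hunk.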
diff --git a/pkg/manifestgen/tmpdir.go b/pkg/manifestgen/tmpdir.go
new file mode 100644
index 00000000..db4daf13
--- /dev/null
+++ b/pkg/manifestgen/tmpdir.go
@@ -0,0 +1,38 @@
+/*
+Copyright 2022 The Flux authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package manifestgen
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+)
+
+// MkdirTempAbs creates a tmp dir and returns the absolute path to the dir.
+// This is required since certain OSes like MacOS create temporary files in
+// e.g. `/private/var`, to which `/var` is a symlink.
+func MkdirTempAbs(dir, pattern string) (string, error) {
+	tmpDir, err := os.MkdirTemp(dir, pattern)
+	if err != nil {
+		return "", err
+	}
+	tmpDir, err = filepath.EvalSymlinks(tmpDir)
+	if err != nil {
+		return "", fmt.Errorf("error evaluating symlink: %w", err)
+	}
+	return tmpDir, nil
+}
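Review bot: When `filepath.EvalSymlinks` fails, MkdirTempAbs returns an error but leaves the directory it just created on disk. Because `tmpDir` is overwritten by the failed call, the original path is no longer available for cleanup. Keep the resolved path in a separate variable with `resolved, err := filepath.EvalSymlinks(tmpDir)`, call `_ = os.RemoveAll(tmpDir)` before the error return, and finish with `return resolved, nil`. Separately, the doc comment promises an absolute path, but EvalSymlinks returns a relative result for a relative input, so a relative `dir` or a relative temp-dir environment setting would yield a relative path. Either apply `filepath.Abs` to the result or reword the comment to say "symlink-resolved".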
-- 
GitLab