From c8415df61de275c65f5ae1dd6f2074e62cf659bb Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Tue, 8 Dec 2020 21:41:47 +0000 Subject: [PATCH] mktemp not working correctly on Alpine Linux (added XXXXXX to template) Fixes #612 --- getssl | 11 +++++--- test/29-check-mktemp-failure.bats | 47 +++++++++++++++++++++++++++++++ test/u3-mktemp-template.bats | 11 ++++++++ 3 files changed, 65 insertions(+), 4 deletions(-) create mode 100644 test/29-check-mktemp-failure.bats create mode 100644 test/u3-mktemp-template.bats diff --git a/getssl b/getssl index 1fb58fb..f509060 100755 --- a/getssl +++ b/getssl @@ -621,7 +621,7 @@ check_config() { # check the config files for all obvious errors fi dn=0 - tmplist=$(mktemp 2>/dev/null || mktemp -t getssl) + tmplist=$(mktemp 2>/dev/null || mktemp -t getssl.XXXXXX) || error_exit "mktemp failed" for d in "${alldomains[@]}"; do # loop over domains (dn is domain number) debug "checking domain $d" if [[ "$(grep "^${d}$" "$tmplist")" = "$d" ]]; then @@ -695,7 +695,10 @@ check_config() { # check the config files for all obvious errors } check_getssl_upgrade() { # check if a more recent version of code is available available - TEMP_UPGRADE_FILE="$(mktemp 2>/dev/null || mktemp -t getssl)" + TEMP_UPGRADE_FILE="$(mktemp 2>/dev/null || mktemp -t getssl.XXXXXX)" + if [ "$TEMP_UPGRADE_FILE" == "" ]; then + error_exit "mktemp failed" + fi curl --user-agent "$CURL_USERAGENT" --silent "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE" errcode=$? if [[ $errcode -eq 60 ]]; then 
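Review bot: In check_getssl_upgrade the new failure check is written as `if [ "$TEMP_UPGRADE_FILE" == "" ]`, which tests the captured output rather than mktemp's exit status and uses `==` inside `[ ]`. The other three call sites touched by this commit use `|| error_exit "mktemp failed"` directly on the assignment. Writing this one the same way, `TEMP_UPGRADE_FILE="$(mktemp 2>/dev/null || mktemp -t getssl.XXXXXX)" || error_exit "mktemp failed"`, keeps the sites consistent and still guarantees that curl's `--output` never runs with an empty path. The function body continues past the end of the hunk.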
@@ -918,7 +921,7 @@ create_csr() { # create a csr using a given key (if it doesn't already exist) if [[ ! -s "$csr_file" ]] || [[ "$_RECREATE_CSR" == "1" ]]; then info "creating domain csr - $csr_file" # create a temporary config file, for portability. - tmp_conf=$(mktemp 2>/dev/null || mktemp -t getssl) + tmp_conf=$(mktemp 2>/dev/null || mktemp -t getssl) || error_exit "mktemp failed" cat "$SSLCONF" > "$tmp_conf" printf "[SAN]\n%s" "$SANLIST" >> "$tmp_conf" # add OCSP Must-Staple to the domain csr @@ -1928,7 +1931,7 @@ revoke_certificate() { # revoke a certificate ACCOUNT_KEY="$REVOKE_KEY" # need to set the revoke key as "account_key" since it's used in send_signed_request. get_signing_params "$REVOKE_KEY" - TEMP_DIR=$(mktemp -d 2>/dev/null || mktemp -d -t getssl) + TEMP_DIR=$(mktemp -d 2>/dev/null || mktemp -d -t getssl) || error_exit "mktemp failed" debug "revoking from $URL_revoke" rcertdata=$(sed '1d;$d' "$REVOKE_CERT" | tr -d "\r\n" | tr '/+' '_-' | tr -d '= ') send_signed_request "$URL_revoke" "{\"certificate\": \"$rcertdata\",\"reason\": $REVOKE_REASON}" diff --git a/test/29-check-mktemp-failure.bats b/test/29-check-mktemp-failure.bats new file mode 100644 index 0000000..782dc64 --- /dev/null +++ b/test/29-check-mktemp-failure.bats 
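Review bot: The fallback in create_csr is still `mktemp -t getssl`, without the `XXXXXX` suffix this commit adds in check_config and check_getssl_upgrade, and the revoke_certificate hunk has the same gap with `mktemp -d -t getssl`. On a platform whose mktemp requires the placeholder in the template, the fallback would presumably fail as before, and it now ends in error_exit. Suggest `tmp_conf=$(mktemp 2>/dev/null || mktemp -t getssl.XXXXXX) || error_exit "mktemp failed"` and `TEMP_DIR=$(mktemp -d 2>/dev/null || mktemp -d -t getssl.XXXXXX) || error_exit "mktemp failed"`. Both function bodies extend beyond their hunks.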
@@ -0,0 +1,47 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+# This is run for every test
+setup() {
+ if [ -z "$STAGING" ]; then
+ export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+ fi
+}
+
+
+@test "Check that getssl -c fails with an error message if mktemp fails" {
+ if [ -n "$STAGING" ]; then
+ skip "Internal test, no need to test on staging server"
+ else
+ CONFIG_FILE="getssl-http01.cfg"
+ fi
+
+ # set TMPDIR to an invalid directory and check for failure
+ export TMPDIR=/getssl.invalid.directory
+ setup_environment
+ run ${CODE_DIR}/getssl -c "$GETSSL_CMD_HOST"
+ assert_failure
+ assert_line --partial "mktemp failed"
+}
+
+
+@test "Check that getssl fails with an error message if mktemp fails" {
+ if [ -n "$STAGING" ]; then
+ skip "Internal test, no need to test on staging server"
+ else
+ CONFIG_FILE="getssl-http01.cfg"
+ fi
+
+ setup_environment
+ init_getssl
+
+ # set TMPDIR to an invalid directory and check for failure
+ export TMPDIR=/getssl.invalid.directory
+ create_certificate
+ assert_failure
+ assert_line --partial "mktemp failed"
+}
diff --git a/test/u3-mktemp-template.bats b/test/u3-mktemp-template.bats
new file mode 100644
index 0000000..2cb8040
--- /dev/null
+++ b/test/u3-mktemp-template.bats
@@ -0,0 +1,11 @@
+#! /usr/bin/env bats
+
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+
+
+@test "Check mktemp -t getssl.XXXXXX works on all platforms" {
+ run mktemp -t getssl.XXXXXX
+ assert_success
+}
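Review bot: In the first test of test/29-check-mktemp-failure.bats, `run ${CODE_DIR}/getssl -c "$GETSSL_CMD_HOST"` leaves the script path unquoted, so a CODE_DIR containing whitespace or glob characters would be split or expanded. `run "${CODE_DIR}/getssl" -c "$GETSSL_CMD_HOST"` avoids that. Both tests also appear to stop at whichever mktemp call is reached first, so a short comment naming the call site each test is meant to cover would make it clear that the create_csr and revoke_certificate sites may not be exercised here.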
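Review bot: The test in test/u3-mktemp-template.bats creates a real temporary file with `run mktemp -t getssl.XXXXXX` and never removes it, so each run leaves a stray file in the temp directory. Adding `rm -f -- "$output"` after `assert_success` cleans it up. The test covers only the file form of the template. A second case running `mktemp -d -t getssl.XXXXXX` would cover the directory form that revoke_certificate relies on.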