kubernetes/hack/build-ui.sh
Kubernetes Submit Queue 6ccae3060c
Merge pull request #61098 from ipuustin/shell-bugfix6
Automatic merge from submit-queue (batch tested with PRs 60373, 61098, 61352, 61359, 61362). If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

Use mktemp instead of static temporary file path in scripts.

**What this PR does / why we need it**:

Using static file names in `/tmp` is considered to be a security anti-pattern, even if modern Linux distributions make it difficult for the attacker to use symbolic link attacks against the `/tmp` directory. We should consider changing to the pattern of safely creating a temporary directory which only the user can access and placing the temporary files there. This assumes that the `mktemp` command is installed -- it should be a safe assumption since the command is already widely used in the kubernetes scripts.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:

**Release note**:

```release-note
NONE
```
2018-03-21 22:39:12 -07:00

56 lines
1.7 KiB
Bash
Executable File

```bash
#!/bin/bash

# Copyright 2014 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This script builds ui assets into a single go datafile

set -o errexit
set -o nounset
set -o pipefail

KUBE_ROOT=$(dirname "${BASH_SOURCE}")/..
source "${KUBE_ROOT}/hack/lib/init.sh"

cd "${KUBE_ROOT}"

if ! which go-bindata > /dev/null 2>&1 ; then
  echo "Cannot find go-bindata. Install with \"go get github.com/jteeuwen/go-bindata/...\""
  exit 1
fi

# Create a private temporary directory (KUBE_TEMP) instead of using a
# fixed file name directly under /tmp.
kube::util::ensure-temp-dir

readonly TMP_DATAFILE="${KUBE_TEMP}/datafile.go"
readonly SWAGGER_SRC="third_party/swagger-ui/..."
readonly SWAGGER_PKG="swagger"

function kube::hack::build_ui() {
  local pkg="$1"
  local src="$2"
  local output_file="staging/src/k8s.io/apiserver/pkg/server/routes/data/${pkg}/datafile.go"

  # Quote ${PWD} so a checkout path containing spaces is passed as one argument.
  go-bindata -nocompress -o "${output_file}" -prefix "${PWD}" -pkg "${pkg}" "${src}"

  local year=$(date +%Y)
  # Assemble boilerplate + generated code in the temporary file first.
  cat hack/boilerplate/boilerplate.generatego.txt > "${TMP_DATAFILE}"
  echo -e "// generated by hack/build-ui.sh; DO NOT EDIT\n" >> "${TMP_DATAFILE}"
  cat "${output_file}" >> "${TMP_DATAFILE}"

  gofmt -s -w "${TMP_DATAFILE}"

  # Replace the generated file with the formatted result.
  mv "${TMP_DATAFILE}" "${output_file}"
}

kube::hack::build_ui "${SWAGGER_PKG}" "${SWAGGER_SRC}"
```
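
The difference the commit message describes, shown side by side as an added example that is not part of the Kubernetes repository: a write to a fixed file name in a shared directory follows a pre-existing symlink, while a write inside a `mktemp -d` directory does not. The function names, the `build-ui.XXXXXX` template and the sandbox paths are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the Kubernetes repository. Function names, the
# "build-ui.XXXXXX" template and the sandbox layout are assumptions.
set -eu

# Corrected pattern: mktemp -d atomically creates a new directory with an
# unpredictable name and mode 0700, so nothing can be planted there first.
make_private_tmpdir() {   # $1 = parent directory (defaults to TMPDIR or /tmp)
  mktemp -d "${1:-${TMPDIR:-/tmp}}/build-ui.XXXXXX"
}

# Anti-pattern: fixed file name in a shared directory. The redirection opens
# whatever already sits at that path and follows it if it is a symlink.
write_static() {          # $1 = shared directory, $2 = content
  printf '%s\n' "$2" > "$1/datafile.go"
}

write_private() {         # same arguments; prints the path it wrote
  local dir
  dir=$(make_private_tmpdir "$1")
  printf '%s\n' "$2" > "${dir}/datafile.go"
  printf '%s\n' "${dir}/datafile.go"
}

# Constructed scenario in a throwaway sandbox: "shared" stands in for /tmp and
# "victim.txt" for a file owned by the user running the script. The sandbox is
# not a sticky world-writable directory, so the kernel's protected_symlinks
# restriction does not apply and the plain symlink behaviour is visible.
demo() (
  sandbox=$(mktemp -d)
  trap 'rm -rf "${sandbox}"' EXIT
  shared="${sandbox}/shared"; victim="${sandbox}/victim.txt"
  mkdir "${shared}"
  printf 'original\n' > "${victim}"
  ln -s "${victim}" "${shared}/datafile.go"   # pre-existing entry at the fixed name

  write_static "${shared}" "generated"
  [ "$(cat "${victim}")" = "original" ] && s=intact || s=clobbered

  printf 'original\n' > "${victim}"           # reset, then use the private dir
  out=$(write_private "${shared}" "generated")
  [ "$(cat "${victim}")" = "original" ] && p=intact || p=clobbered
  perms=$(ls -ld "$(dirname "${out}")" | cut -c1-10)
  printf 'static:%s private:%s perms:%s\n' "${s}" "${p}" "${perms}"
)

demo
```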